mattress

Version: v0.4.0
Published: Mar 7, 2024 License: MIT Imports: 5 Imported by: 4

README

Like storing your secrets under your mattress, but better

A Go port of Rust's secrecy crate.

Warning (disclaimer):

While this package offers enhanced security for sensitive data, it is important to acknowledge that no method is entirely foolproof. Users are encouraged to employ this package in conjunction with other security best practices for more comprehensive protection.

This package utilizes runtime finalizers to ensure cleanup of sensitive data. Due to the nature of Go's runtime, which does not guarantee immediate execution of finalizers, sensitive data may reside in memory longer than anticipated. Users should proceed with caution and ensure they fully comprehend the potential implications.

Example

package main

import (
  "fmt"

  m "github.com/garrettladley/mattress"
)

type User struct {
  Username string
  Password *m.Secret[string]
}

func main() {
  password, err := m.NewSecret("password")
  if err != nil {
    // handle error; stop here so a nil secret is never used below
    panic(err)
  }

  user := User{
    Username: "username",
    Password: password,
  }

  // *m.Secret[string] has a String method, so fmt treats it as a
  // fmt.Stringer and prints the redacted form rather than a pointer value.
  fmt.Println(user.Password)          // Output: [SECRET]
  fmt.Println(user.Password.String()) // Output: [SECRET]
  fmt.Println(user.Password.Expose()) // Output: password
}

Documentation

Overview

mattress provides a secure way to handle sensitive data within Go applications. It leverages the memguard library to create encrypted enclaves for sensitive information, ensuring that data is protected both in memory and during runtime. This package is designed to mitigate accidental leaks of sensitive data through improper memory handling or exposure via runtime panics.

Types

type Secret

type Secret[T any] struct {
	// contains filtered or unexported fields
}

Secret holds a reference to a securely stored piece of data of any type. The data is stored within a memguard.LockedBuffer, providing encryption at rest and secure memory handling.

func NewSecret

func NewSecret[T any](data T) (*Secret[T], error)

NewSecret initializes a new Secret with the provided data. It serializes the data using encoding/gob and stores it securely using memguard. This function returns an error if encoding the data fails or if there is an issue securing the data in memory.

func (*Secret[T]) Expose

func (s *Secret[T]) Expose() T

Expose decrypts and returns the stored data. Note that this operation potentially exposes sensitive data in memory. Ensure that the returned data is handled securely and is wiped from memory when no longer needed.
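
One way to follow this advice is to store the secret as a []byte, because a Go string is immutable and cannot be zeroed in place. The block below is an added example, not code from the mattress project: WithExposed, CheckPassword and fakeSecret are hypothetical names, and fakeSecret stands in for a *Secret[[]byte] so the block runs with the standard library only. It assumes each Expose call returns a fresh copy.

```go
package main

import (
	"crypto/subtle"
	"fmt"
)

// WithExposed fetches the plaintext, passes it to use, and zeroes that copy
// before returning, including when use panics. With mattress, expose would be
// the Expose method value of a *Secret[[]byte] (assumed to return a fresh
// copy on every call).
func WithExposed(expose func() []byte, use func(plain []byte) error) error {
	plain := expose()
	defer func() {
		for i := range plain {
			plain[i] = 0
		}
	}()
	return use(plain)
}

// CheckPassword compares candidate with the secret in constant time and
// never lets the plaintext leave the callback.
func CheckPassword(expose func() []byte, candidate []byte) bool {
	match := false
	_ = WithExposed(expose, func(plain []byte) error {
		match = subtle.ConstantTimeCompare(plain, candidate) == 1
		return nil
	})
	return match
}

// fakeSecret is a constructed stand-in for the secret container. It keeps a
// reference to the last copy it handed out so the demo can inspect it.
type fakeSecret struct {
	stored []byte
	last   []byte
}

func (f *fakeSecret) Expose() []byte {
	f.last = append([]byte(nil), f.stored...)
	return f.last
}

func main() {
	s := &fakeSecret{stored: []byte("password")} // constructed sample value
	fmt.Println(CheckPassword(s.Expose, []byte("password"))) // true
	fmt.Println(s.last)                                      // all zero bytes
}
```

The wipe only covers the copy returned by Expose; any further copy made inside the callback (a string conversion, an append to another slice) has to be avoided or wiped separately.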

func (*Secret[T]) String

func (s *Secret[T]) String() string

String provides a safe string representation of the Secret, ensuring that sensitive data is not accidentally exposed via logging or other string handling mechanisms.
