Thanks to visit codestin.com
Credit goes to lib.rs

Lib.rs

Security | Memory management
#no-std #zeroize #secure

no-std secure-types

Secure data types that protect sensitive data in memory via locking, encryption, and zeroization

Owned by greekfetacheese.

5 releases

Uses new Rust 2024

0.2.0 Sep 6, 2025
0.1.31 Jul 31, 2025
0.1.4 Sep 6, 2025

#37 in Security

Codestin Search App Codestin Search App Codestin Search App Codestin Search App Codestin Search App Codestin Search App Codestin Search App Codestin Search App Codestin Search App Codestin Search App Codestin Search App

421 downloads per month
Used in 2 crates

MIT/Apache

80KB
2K SLoC

Secure Types

The goal of this crate is to provide a simple way to handle sensitive data in memory (eg. passwords, private keys, etc).

Currently there are 3 types:

  • SecureString: For working with strings.
  • SecureVec: For working with Vec<T>.
  • SecureArray: For working with &[T; LENGTH].

Features

  • Zeroization on Drop: Memory is wiped when dropped.
  • Memory Locking: (std-only) On Linux/Windows the memory is locked to prevent memory swapping or unauthorized access, On Linux it uses mlock and on Windows VirtualLock & VirtualProtect along with in-memory encryption using CryptProtectMemory.
  • Safe Scoped Access: Direct access on these types is not possible, data is protected by default and only accessible within safe blocks.
  • no_std Support: For embedded and Web environments (with zeroization only).
  • Serde Support: Optional serialization/deserialization.

Usage

SecureString

use secure_types::SecureString;

 // Create a SecureString
let mut secret = SecureString::from("my_super_secret");

// The memory is locked here

// Safely append more data.
secret.push_str("_password");

// The memory is locked here.

// Use a scope to safely access the content as a &str.
secret.unlock_str(|exposed_str| {
     assert_eq!(exposed_str, "my_super_secret_password");
 });

 // When `secret` is dropped, its data zeroized.

SecureVec

use secure_types::SecureVec;

// Create a new, empty secure vector.
let mut secret_key: SecureVec<u8> = SecureVec::new().unwrap();

// Push some sensitive data into it.
secret_key.push(0);
secret_key.push(1);
secret_key.push(2);

// The memory is locked here.

// Use a scope to safely access the contents as a slice.
secret_key.unlock_slice(|unlocked_slice| {
     assert_eq!(unlocked_slice, &[0, 1, 2]);
 });

SecureArray

use secure_types::SecureArray;

let exposed_array: &mut [u8; 3] = &mut [1, 2, 3];
let mut secure_array = SecureArray::from_slice_mut(exposed_array).unwrap();


secure_array.unlock_mut(|unlocked_slice| {
    assert_eq!(unlocked_slice, &[1, 2, 3]);
});

See also the examples.

Feature Flags

  • std (default): Enables all OS-level security features.
  • no_std: For no_std environments. Only provides the Zeroize on Drop.
  • serde: Enables serialization/deserialization.

Credits

Dependencies

~0.2–14MB
~99K SLoC