Lib.rs

Security | Memory management
#no-std #zeroize #secure #memory

no-std secure-types

Secure data types that protect sensitive data in memory via locking and zeroization

Owned by greekfetacheese.

8 releases

Uses new Rust 2024

new 0.2.3 Oct 27, 2025
0.2.2 Oct 13, 2025
0.2.0 Sep 6, 2025
0.1.31 Jul 31, 2025
0.1.4 Sep 6, 2025

#34 in Security

Download history 52/week @ 2025-07-09 225/week @ 2025-07-16 25/week @ 2025-07-23 398/week @ 2025-07-30 23/week @ 2025-08-06 3/week @ 2025-08-13 26/week @ 2025-08-20 90/week @ 2025-08-27 241/week @ 2025-09-03 42/week @ 2025-09-10 66/week @ 2025-09-17 30/week @ 2025-09-24 38/week @ 2025-10-01 302/week @ 2025-10-08 78/week @ 2025-10-15 103/week @ 2025-10-22

524 downloads per month
Used in 2 crates

MIT/Apache

70KB
1.5K SLoC

Secure Types

The goal of this crate is to provide a simple way to properly handle sensitive data in memory (eg. passwords, private keys, etc).

Currently there are 3 types:

  • SecureString: For working with strings.
  • SecureVec: For working with Vec<T>.
  • SecureArray: For working with &[T; LENGTH].

Features

  • Zeroization on Drop: Memory is wiped when dropped.
  • Memory Locking: (OS-only) On Linux/Windows the memory is locked to prevent memory swapping or unauthorized access.
  • Safe Scoped Access: Direct access on these types is not possible, data is protected by default and only accessible within safe blocks.
  • no_std Support: For embedded and Web environments (with zeroization only).
  • Serde Support: Optional serialization/deserialization.

How memory is locked

Usage

SecureString

use secure_types::SecureString;

 // Create a SecureString
let mut secret = SecureString::from("my_super_secret");

// The memory is locked here

// Safely append more data.
secret.push_str("_password");

// The memory is locked here.

// Use a scope to safely access the content as a &str.
secret.unlock_str(|exposed_str| {
     assert_eq!(exposed_str, "my_super_secret_password");
 });

 // When `secret` is dropped, its data zeroized.

SecureVec

use secure_types::SecureVec;

// Create a new, empty secure vector.
let mut secret_key: SecureVec<u8> = SecureVec::new().unwrap();

// Push some sensitive data into it.
secret_key.push(0);
secret_key.push(1);
secret_key.push(2);

// The memory is locked here.

// Use a scope to safely access the contents as a slice.
secret_key.unlock_slice(|unlocked_slice| {
     assert_eq!(unlocked_slice, &[0, 1, 2]);
 });

SecureArray

use secure_types::SecureArray;

let exposed_array: &mut [u8; 3] = &mut [1, 2, 3];
let mut secure_array = SecureArray::from_slice_mut(exposed_array).unwrap();


secure_array.unlock_mut(|unlocked_slice| {
    assert_eq!(unlocked_slice, &[1, 2, 3]);
});

See also the examples.

Feature Flags

  • use_os (default): Enables all OS-level security features.
  • no_os: For no_std environments. Only provides the Zeroize on Drop.
  • serde: Enables serialization/deserialization.

Credits

Dependencies

~215–770KB
~18K SLoC