Go proposal: Secret mode
Part of the Accepted! series, explaining the upcoming Go changes in simple terms.Automatically erase used memory to prevent secret leaks.Ver. 1.26 • Stdlib • Low impactSummaryThe new runtime/secret package lets you run a function in secret mode. After the function finishes, it immediately erases (zeroes out) the registers and stack it used. Heap allocations made by the function are erased as soon as the garbage collector decides they are no longer reachable.secret.Do(func() { // Generate a session key and // use it to encrypt the data. }) This helps make sure sensitive information doesn’t stay in memory longer than needed, lowering the risk of attackers getting to it.The package is experimental and is mainly for developers of cryptographic libraries, not for application…
