All the data stored in the vault should be wrapped in Secret. Only time the data is exposed is around I/O when needed and when serializing the data during encryption.
As of right now can't have ZeroizeOnDrop or Secret on Aes keys, so that is something that is lacking.
All the data stored in the vault should be wrapped in
Secret
. Only time the data is exposed is around I/O when needed and when serializing the data during encryption.As of right now can't have
ZeroizeOnDrop
orSecret
on Aes keys, so that is something that is lacking.