search

BetterCloud / vault-java-driver

Zero-dependency Java client for HashiCorp's Vault
https://bettercloud.github.io/vault-java-driver/
335 stars 224 forks source link

User char[] instead of String for sensitive values #216

Open hirako2000 opened 4 years ago

hirako2000 commented 4 years ago

Sensitive data better not be assigned to String, they are immutable hence stay in the Heap. Consider using char[] instead

ref: fortify heap inspection