Gentlefolk,
Apparently, my Google-fu is weak and I come seeking advice.
Secret management is important. In particular, I want to make sure that
any secrets I decrypt are erased from memory before the storage is reclaimed by
the VM. In other environments, I would just dig into

This is an area I've spent a fairly significant amount of time
investigating. My conclusion was "no, there is no reliable way to do this",
but I'd love to be proven wrong.
The fundamental problem is that how exactly stores
variables in memory is not defined as part of the implementation
requireme

AFAIK, there is no reliable way to do this in Python.
I have taken some time to implement some OpenSSL methods that at least
clear the memory on private numbers before freeing it in BIGNUMBER
operations.
See the PR here: https://github.com/pyca/cryptography/pull/4072
However, as it comes for the

You might have a look at:
https://github.com/dnet/pysecstr
Here is a longer description about the used method:
https://www.sjoerdlangkemper.nl/2016/06/09/clearing-memory-in-python/
Disclaimer: This is not a recommendation, just a hint for further
exploration. Also be aware that you can't control i
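
A best-effort sketch of the in-place clearing this thread is asking about, as an added example that is not from any poster or from the linked projects: the secret lives in a mutable bytearray that is zeroed with ctypes.memset on exit, and the demo shows that an immutable bytes copy of it is left untouched. The names wipe, secret_buffer and demo and the key value are constructed for illustration; CPython is assumed.

```python
import ctypes
from contextlib import contextmanager


def wipe(buf: bytearray) -> None:
    """Overwrite a bytearray's backing storage with zeros, in place."""
    n = len(buf)
    if n == 0:
        return
    # from_buffer() shares memory with buf (no copy), so memset hits the real bytes.
    view = (ctypes.c_char * n).from_buffer(buf)
    ctypes.memset(ctypes.addressof(view), 0, n)
    del view  # drop the buffer export so buf can be resized again


@contextmanager
def secret_buffer(size: int):
    """Yield a fixed-size bytearray that is zeroed on exit, even on error."""
    buf = bytearray(size)
    try:
        yield buf
    finally:
        wipe(buf)


def demo():
    """Return (buffer wiped, alias sees zeros, bytes copy still holds the secret)."""
    # Constructed sample value, not a real key. As a literal it also stays in
    # memory for the life of the process, which is one more copy wipe() never sees.
    constructed = b"constructed-demo-key-0123456789"
    with secret_buffer(len(constructed)) as key:
        key[:] = constructed     # real code would fill it via readinto()/recv_into()
        leaked = bytes(key)      # immutable copy: out of reach of wipe()
        alias = memoryview(key)  # shares storage with key, so it is wiped too
    zeros = bytes(len(constructed))
    return key == zeros, alias.tobytes() == zeros, leaked == constructed


if __name__ == "__main__":
    print(demo())
```

Only the one buffer passed to wipe() is cleared; any str, bytes or int derived from the secret along the way is a separate object that this code cannot reach.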