Skip to content
Easy and secure handling of sensitive data, in pure Go.
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github/ISSUE_TEMPLATE Create issue templates (#65) Jun 11, 2018
vendor/ Switch to using golang/dep (#50) Feb 12, 2018
AUTHORS Use finalizers to prevent leaks Aug 13, 2017 Create Aug 7, 2017
Gopkg.toml Switch to using golang/dep (#50) Feb 12, 2018
LICENSE Relicence project under Apache-v2 (#9) May 2, 2017 Add comment about signed releases. Feb 12, 2018
appveyor.yml immutability: redesign api to improve verbosity (#40) Oct 20, 2017
container.go alloc: use strange bytes (#52) Feb 12, 2018
docs_test.go immutability: redesign api to improve verbosity (#40) Oct 20, 2017
logo.svg Initial commit Apr 22, 2017
memguard_test.go feature: re-add the wipebytes function (#59) Apr 28, 2018


Easy and secure handling of sensitive memory, in pure Go.

This is a thread-safe package, designed to allow you to easily handle sensitive values in memory. It supports all major operating systems and is written in pure Go.


  • Interference from the garbage-collector is blocked by using system-calls to manually allocate memory.
  • It is very difficult for another process to find or access sensitive memory as the data is sandwiched between guard-pages. This feature also acts as an immediate access alarm in case of buffer overflows.
  • Buffer overflows are further protected against using a random canary value. If this value changes, the process will panic.
  • We try our best to prevent the system from writing anything sensitive to the disk. The data is locked to prevent swapping, system core dumps can be disabled, and the kernel is advised (where possible) to never include the secure memory in dumps.
  • True kernel-level immutability is implemented. That means that if anything attempts to modify an immutable container, the kernel will throw an access violation and the process will terminate.
  • All sensitive data is wiped before the associated memory is released back to the operating system.
  • Side-channel attacks are mitigated against by making sure that the copying and comparison of data is done in constant-time.
  • Accidental memory leaks are mitigated against by harnessing Go's own garbage-collector to automatically destroy containers that have run out of scope.

Some of these features were inspired by libsodium, so credits to them.

Full documentation and a complete overview of the API can be found here.


Although we do recommend using a release, the simplest way to install the library is to go get it:

$ go get

If you would prefer a signed release that you can verify and manually compile yourself, download and extract the latest release. Then go ahead and run:

$ go install -v ./

The latest release is guaranteed to be cryptographically signed with my most recent PGP key, which can be found on keybase. To import it directly into GPG, run:

$ curl | gpg --import

We strongly encourage you to vendor your dependencies for a clean and reliable build. Go's dep makes this task relatively frictionless.

You can’t perform that action at this time.