Secure data erasure

Raymond Chen edited this page Aug 24, 2020 · 1 revision

The secure data erasure helpers are defined in wil/resource.h as part of the RAII resource wrappers library.

Some components handle sensitive data, such as passwords, that should be scrubbed from memory when no longer needed. To guarantee the necessary calls to SecureZeroMemory in the face of early returns and exceptions, WIL provides the following helpers:

// Erase a given buffer when the returned variable goes out of scope
auto zero = wil::SecureZeroMemory_scope_exit(buffer, ARRAYSIZE(buffer));

// Erase the value of the following string when the returned variable goes out of scope
auto zero = wil::SecureZeroMemory_scope_exit(passwordString);

Similarly, you can use some wistd::unique_ptr<T> specializations to hold allocated objects that are securely zeroed, such as unique_cotaskmem_secure_ptr.

Through WIL's STL header (wil\stl.h) you can also get access to wil::secure_allocator, which you can plug into any STL collection, or use one of the existing type definitions that already do this (wil::secure_vector, wil::secure_wstring, wil::secure_string).
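The sketch below is an added example, not WIL's code: it shows the two mechanisms this page describes, a scope guard that wipes a buffer on every exit path and an allocator that wipes memory before releasing it. The names secure_zero, zero_on_exit, zeroing_allocator, zeroing_string, use_secret and wiped_by_string_scope are hypothetical portable stand-ins, and the secret is constructed sample data.

```cpp
// Added illustration with portable stand-ins; this is not WIL's implementation.
#include <cstddef>
#include <cstring>
#include <memory>
#include <stdexcept>
#include <string>
// Stand-in for SecureZeroMemory: volatile stores are not elided as dead writes.
void secure_zero(void* p, std::size_t n) {
    volatile unsigned char* b = static_cast<volatile unsigned char*>(p);
    while (n--) *b++ = 0;
}
// Hypothetical guard in the spirit of wil::SecureZeroMemory_scope_exit.
class zero_on_exit {
    void* p_; std::size_t n_;
public:
    zero_on_exit(void* p, std::size_t n) : p_(p), n_(n) {}
    ~zero_on_exit() { secure_zero(p_, n_); }  // runs on return and on unwind
    zero_on_exit(const zero_on_exit&) = delete;
    zero_on_exit& operator=(const zero_on_exit&) = delete;
};
static std::size_t g_wiped_bytes = 0;  // demo instrumentation only
// Hypothetical allocator in the spirit of wil::secure_allocator.
template <class T> struct zeroing_allocator {
    using value_type = T;
    zeroing_allocator() = default;
    template <class U> zeroing_allocator(const zeroing_allocator<U>&) {}
    T* allocate(std::size_t n) { return std::allocator<T>().allocate(n); }
    void deallocate(T* p, std::size_t n) {
        secure_zero(p, n * sizeof(T));  // wipe before the heap gets the block back
        g_wiped_bytes += n * sizeof(T);
        std::allocator<T>().deallocate(p, n);
    }
};
template <class T, class U> bool operator==(const zeroing_allocator<T>&, const zeroing_allocator<U>&) { return true; }
template <class T, class U> bool operator!=(const zeroing_allocator<T>&, const zeroing_allocator<U>&) { return false; }
using zeroing_string = std::basic_string<char, std::char_traits<char>, zeroing_allocator<char>>;
// mode: 0 = normal return, 1 = early return, 2 = exception. The secret is constructed.
bool use_secret(char* buffer, std::size_t size, int mode) {
    zero_on_exit zero(buffer, size);
    std::strncpy(buffer, "constructed-sample-password", size - 1);
    if (mode == 1) return false;
    if (mode == 2) throw std::runtime_error("simulated failure");
    return true;
}
// Bytes wiped when a heap-backed zeroing_string is destroyed.
std::size_t wiped_by_string_scope() {
    std::size_t before = g_wiped_bytes;
    { zeroing_string s(40, 'x'); }  // constructed; long enough to be heap-allocated
    return g_wiped_bytes - before;
}
```

In this sketch the allocator only sees heap blocks, so a string short enough to live in the standard library's inline small-string buffer is not wiped by it.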