Sanitization 1.0.0-rc.1

Pre-release

@eldryoth eldryoth released this 05 Jun 13:10
· 94 commits to main since this release
v1.0.0-rc.1
674ad3b

sanitization v1.0.0-rc.1

Release candidate for downstream integration testing before the first stable release.

Highlights

  • Dependency-free secret memory sanitization crate for Rust.
  • #![no_std] by default.
  • No unsafe code in default builds.
  • Optional alloc, std, and explicit unsafe-wipe features.
  • Safe clear-on-drop containers for common secret types.
  • Dependency-free macros for struct sanitization without proc-macro dependencies.

Added

  • SecretBytes<N> for fixed-size secret byte storage.
  • Secret<T> generic clear-on-drop wrapper.
  • SecretVec and SecretString behind the alloc feature.
  • SecureSanitize trait for explicit clearing.
  • secure_sanitize_struct! macro.
  • secure_drop_struct! macro.
  • Explicit unsafe_wipe module behind the unsafe-wipe feature.
  • VolatileOnDrop<T> wrapper for opt-in volatile clearing.
  • Examples for basic, alloc, macro, and unsafe-wipe usage.
  • Threat model, safety notes, security policy, and CI defaults.

Security Notes

  • Default builds forbid unsafe code.
  • Volatile wiping is available only through the explicit unsafe-wipe feature.
  • Equal-length comparisons avoid early exit.
  • Heap-backed secret containers wipe allocation capacity where available.
  • Secret debug output is redacted.
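
Three of the notes above (capacity wiping, equal-length comparison without early exit, redacted debug output) sketched in safe Rust as an added example. This is not the crate's code or API: `DemoSecret`, `zero_full_capacity` and `ct_eq` are hypothetical names, and the sample bytes are constructed.

```rust
use std::fmt;

/// Hypothetical demo type (not the crate's SecretVec): heap secret cleared on drop.
pub struct DemoSecret(Vec<u8>);

/// Overwrite the whole allocation, not only the first `len` bytes, so stale
/// data left in spare capacity by truncate()/pop() is cleared too.
/// Safe code only: without volatile writes the optimizer may elide these stores.
pub fn zero_full_capacity(v: &mut Vec<u8>) -> usize {
    let cap = v.capacity();
    v.clear();
    v.resize(cap, 0); // new len <= capacity, so no reallocation happens
    cap // number of bytes overwritten
}

impl DemoSecret {
    pub fn new(bytes: &[u8]) -> Self {
        DemoSecret(bytes.to_vec())
    }

    /// Equal-length inputs are scanned in full; only a length mismatch returns early.
    pub fn ct_eq(&self, other: &[u8]) -> bool {
        if self.0.len() != other.len() {
            return false;
        }
        let mut diff = 0u8;
        for (a, b) in self.0.iter().zip(other) {
            diff |= a ^ b; // accumulate differences instead of branching on them
        }
        diff == 0
    }
}

impl fmt::Debug for DemoSecret {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("DemoSecret(<redacted>)") // never print the bytes
    }
}

impl Drop for DemoSecret {
    fn drop(&mut self) {
        zero_full_capacity(&mut self.0);
    }
}

fn main() {
    let s = DemoSecret::new(b"constructed-sample-key");
    println!("{:?} eq={}", s, s.ct_eq(b"constructed-sample-key"));
}
```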

Validation

This release candidate passed the full local check script, including tests, doctests, feature combinations, clippy/check flows, and docs generation on Rust 1.90.

Intended Use

Use this release candidate through Git while testing integration:

  sanitization = { git = "https://github.com/valkyoth/sanitization-rust-crate", tag = "v1.0.0-rc.1" }