A protected string library for Go
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore Initial commit Feb 24, 2014
README.md Update README.md Dec 21, 2014
secstring.go Use -1 for fd for OpenBSD Dec 21, 2014


Secure-ish strings in Go!

secstring aims to provide a basic secure string implementation to go


Build Status Coverage Status GoDoc

Should I use this?

Probably not. I've implemented this mostly as a PoC. I use it somewhat, but I don't recommend other people use it right now.

What makes them secure?

  • strings are unlikely to be written to swap (except during hibernation)
  • strings are immutable - modifying them causes a non-recoverable panic

This doesn't work on Windows/FreeBSD/etc.

Yes. I use syscall heavily, and unfortunately, golang in many BSDs don't have the functions I'm using. I'm going to submit patches, so hopefully they get added soon.

Windows support will never be added. I don't have a test box for it.

Can I get an example?

Damn straight.

import "github.com/worr/secstring"
import "fmt"

func main() {
    str := "testing"
    ss, _ := secstring.FromString(&str)
    defer ss.Destroy()

    fmt.Printf("String: %v", ss.String)