Memory Zeroization
JavaScript runtimes do not provide strong guarantees around in-memory zeroization.
Memory Zeroization
JavaScript runtimes do not provide strong guarantees around in-memory zeroization.
What is zeroized
- Encryption keys
- Decrypted secrets
- Authentication tokens
- Private key material
How it works
Node.js
// JavaScript runtimes do not provide strong guarantees around in-memory zeroization.
// Prefer short-lived tokens, avoid logging secrets, and minimize copying sensitive values.
Limitations
Language limitations
- JavaScript: No guaranteed memory control
- Best effort in managed languages
What we do
SDKs in this repo avoid unnecessary copying where practical, but cannot guarantee zeroization.
Best practices
- Minimize secret lifetime in memory
- Avoid logging secrets
- Prefer
Buffer/Uint8Arrayand overwrite buffers when possible - Use short-lived access tokens
Verification
Managed runtimes do not provide reliable verification of in-memory zeroization.