vault: return Zeroizing<String> from unlock_new

Change the return type of unlock_new from String to Zeroizing<String>
so the generated mnemonic phrase is zeroized on drop and does not
linger in freed heap memory. Resolves drift item #8 / review W7.
2026-06-23 13:33:00 +00:00
parent 4078a8d8d5
commit 685413dee4


@@ -50,6 +50,7 @@ use crate::derivation::{self, DerivationError, PATHS};
use crate::encryption::{self, EncryptedData, EncryptionKey};
use crate::mnemonic::{Language, Mnemonic, Seed};
use crate::protocol::{DerivedKey, KeyType};
use zeroize::Zeroizing;
/// Handle to a running VaultService for local (in-process) use.
///
@@ -150,7 +151,7 @@ impl VaultServiceHandle {
///
/// Returns the generated mnemonic phrase. Store this phrase securely —
/// it is the root of trust for all derived keys.
pub fn unlock_new(&self, word_count: usize) -> Result<String, VaultServiceError> {
pub fn unlock_new(&self, word_count: usize) -> Result<Zeroizing<String>, VaultServiceError> {
let mut inner = self.inner.write().unwrap();
if inner.unlocked {
return Err(VaultServiceError::AlreadyUnlocked);
@@ -158,7 +159,7 @@ impl VaultServiceHandle {
let mnemonic = Mnemonic::generate(word_count)?;
let seed = mnemonic.to_seed(None);
let phrase = mnemonic.phrase().to_string();
let phrase = Zeroizing::new(mnemonic.phrase().to_string());
inner.mnemonic = Some(mnemonic);
inner.seed = Some(seed);