Zeroize bytes

gnosisguild · Dec 19, 2024 · 5d5fa3e · 5d5fa3e
1 parent cd4a824
commit 5d5fa3e
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/packages/ciphernode/enclave/src/commands/net/generate.rs b/packages/ciphernode/enclave/src/commands/net/generate.rs
@@ -5,18 +5,20 @@ use config::AppConfig;
 use enclave_core::{EventBus, GetErrors};
 use enclave_node::get_repositories;
 use libp2p::identity::Keypair;
+use zeroize::Zeroize;
 
 pub async fn execute(config: &AppConfig) -> Result<()> {
     let kp = Keypair::generate_ed25519();
     println!(
         "Generated new keypair with peer ID: {}",
         kp.public().to_peer_id()
     );
-    let bytes = kp.try_into_ed25519()?.to_bytes().to_vec();
+    let mut bytes = kp.try_into_ed25519()?.to_bytes().to_vec();
     let cipher = Cipher::from_config(config).await?;
     let encrypted = cipher.encrypt_data(&mut bytes.clone())?;
     let bus = EventBus::new(true).start();
     let repositories = get_repositories(&config, &bus)?;
+    bytes.zeroize();
 
     // NOTE: We are writing an encrypted string here
     repositories.libp2p_keypair().write(&encrypted);