> Every entry is encrypted with AES-256-GCM before it touches disk

Until the OS needs more memory and swaps your secrets out.
Protected memory can be used to fix that. Working on a related project that I'm planning to share soon.
But so what? Another app can't really read the swap file/partition. Unless it runs with elevated privileges like root, in which case the system is compromised anyway.
Hey, thanks for the feedback! That's a valid point; currently, my main focus is to secure the store on disk, but this is definitely a point which could be improved later on.
If your machine is fully compromised or actively monitored by a threat actor with physical access, then this tool would not cover you, that's for sure.
If you have any concrete recommendations, I can even give it a try in one of the next releases.
Thanks!
I thought we were all supposed to be encrypting our swap. Or is there something better an app can do about this?
The "before it touches disk" thing in the promo copy is silly, yes, but there's really no sane threat model for this; from every vantage point where this could matter, you already have game-over attacks on the app.