119 changes: 119 additions & 0 deletions src/aws-cpp-sdk-core/include/aws/core/auth/AWSCredentials.h
Expand Up @@ -9,6 +9,7 @@
#include <aws/core/client/UserAgent.h>
#include <aws/core/utils/memory/stl/AWSString.h>
#include <aws/core/utils/DateTime.h>
#include <aws/core/platform/Security.h>
namespace Aws
{
namespace Auth
Expand Down Expand Up @@ -98,6 +99,104 @@ namespace Aws
m_expiration(expiration),
m_accountId(accountId) {}

/**
* Copy constructor.
*/
AWSCredentials(const AWSCredentials& other)
: m_accessKeyId(other.m_accessKeyId),
m_secretKey(other.m_secretKey),
m_sessionToken(other.m_sessionToken),
m_expiration(other.m_expiration),
m_accountId(other.m_accountId),
m_context(other.m_context)
{
}

/**
* Move constructor.
*/
AWSCredentials(AWSCredentials&& other) noexcept
: m_accessKeyId(std::move(other.m_accessKeyId)),
m_secretKey(std::move(other.m_secretKey)),
m_sessionToken(std::move(other.m_sessionToken)),
m_expiration(std::move(other.m_expiration)),
m_accountId(std::move(other.m_accountId)),
m_context(std::move(other.m_context))
{
}

/**
* Destructor that securely clears sensitive credential data from memory.
*/
~AWSCredentials()
{
// Securely clear sensitive credential data
if (!m_secretKey.empty())
{
Aws::Security::SecureMemClear(reinterpret_cast<unsigned char*>(&m_secretKey[0]), m_secretKey.size());
}
if (!m_sessionToken.empty())
{
Aws::Security::SecureMemClear(reinterpret_cast<unsigned char*>(&m_sessionToken[0]), m_sessionToken.size());
}
}

/**
* Copy assignment operator that securely clears old credential data before assignment.
*/
AWSCredentials& operator=(const AWSCredentials& other)
{
if (this != &other)
{
// Clear old sensitive data before overwriting
if (!m_secretKey.empty())
{
Aws::Security::SecureMemClear(reinterpret_cast<unsigned char*>(&m_secretKey[0]), m_secretKey.size());
}
if (!m_sessionToken.empty())
{
Aws::Security::SecureMemClear(reinterpret_cast<unsigned char*>(&m_sessionToken[0]), m_sessionToken.size());
}

// Copy all members
m_accessKeyId = other.m_accessKeyId;
m_secretKey = other.m_secretKey;
m_sessionToken = other.m_sessionToken;
m_expiration = other.m_expiration;
m_accountId = other.m_accountId;
m_context = other.m_context;
}
return *this;
}

/**
* Move assignment operator that securely clears old credential data before assignment.
*/
AWSCredentials& operator=(AWSCredentials&& other) noexcept
{
if (this != &other)
{
// Clear old sensitive data before overwriting
if (!m_secretKey.empty())
{
Aws::Security::SecureMemClear(reinterpret_cast<unsigned char*>(&m_secretKey[0]), m_secretKey.size());
}
if (!m_sessionToken.empty())
{
Aws::Security::SecureMemClear(reinterpret_cast<unsigned char*>(&m_sessionToken[0]), m_sessionToken.size());
}

// Move all members
m_accessKeyId = std::move(other.m_accessKeyId);
m_secretKey = std::move(other.m_secretKey);
m_sessionToken = std::move(other.m_sessionToken);
m_expiration = std::move(other.m_expiration);
m_accountId = std::move(other.m_accountId);
m_context = std::move(other.m_context);
}
return *this;
}

bool operator == (const AWSCredentials& other) const
{
return m_accessKeyId == other.m_accessKeyId
Expand Down Expand Up @@ -184,6 +283,11 @@ namespace Aws
*/
inline void SetAWSSecretKey(const Aws::String& secretKey)
{
// Clear old value before setting new one
if (!m_secretKey.empty())
{
Aws::Security::SecureMemClear(reinterpret_cast<unsigned char*>(&m_secretKey[0]), m_secretKey.size());
}
m_secretKey = secretKey;
}

Expand All @@ -192,6 +296,11 @@ namespace Aws
*/
inline void SetSessionToken(const Aws::String& sessionToken)
{
// Clear old value before setting new one
if (!m_sessionToken.empty())
{
Aws::Security::SecureMemClear(reinterpret_cast<unsigned char*>(&m_sessionToken[0]), m_sessionToken.size());
}
m_sessionToken = sessionToken;
}

Expand All @@ -217,6 +326,11 @@ namespace Aws
*/
inline void SetAWSSecretKey(const char* secretKey)
{
// Clear old value before setting new one
if (!m_secretKey.empty())
{
Aws::Security::SecureMemClear(reinterpret_cast<unsigned char*>(&m_secretKey[0]), m_secretKey.size());
}
m_secretKey = secretKey;
}

Expand All @@ -225,6 +339,11 @@ namespace Aws
*/
inline void SetSessionToken(const char* sessionToken)
{
// Clear old value before setting new one
if (!m_sessionToken.empty())
{
Aws::Security::SecureMemClear(reinterpret_cast<unsigned char*>(&m_sessionToken[0]), m_sessionToken.size());
}
m_sessionToken = sessionToken;
}
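Review bot: The four setters (`SetAWSSecretKey` and `SetSessionToken`, in both the `const Aws::String&` and `const char*` overloads) clear the member before reading the argument, so an argument that aliases the member is wiped before it is copied. The assignment operators guard against this with `this != &other`, but the setters have no equivalent check. A call that passes the object's own value back in (through an accessor returning a reference, or its `c_str()`; neither is visible in these hunks) used to be a harmless self-assignment and would now store the cleared buffer as the credential. For the string overloads an early `if (&secretKey == &m_secretKey) return;` is enough; for the `const char*` overloads, build the new value first with `Aws::String next(secretKey);`, then clear, then `m_secretKey = std::move(next);`. The same clear-if-non-empty sequence appears ten times across the destructor, both assignment operators and the setters, so a small private helper taking `Aws::String&` would keep those copies from drifting apart.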
