- Changed EncryptWithPassphrase to accept *memguard.LockedBuffer instead of []byte
- Updated all callers to pass LockedBuffer:
- CreatePassphraseUnlocker in vault/unlockers.go
- Keychain unlocker in keychainunlocker.go
- Tests in passphrase_test.go
- Removed intermediate dataBuffer creation since data is now already protected
- This ensures sensitive data is protected in memory throughout encryption
sneak
eef2332823