go/doc/next/6-stdlib/1-secret.md

### New secret package

<!-- https://go.dev/issue/21865 --->

The new [secret](/pkg/runtime/secret) package is available as an experiment.
It provides a facility for securely erasing temporaries used in
code that manipulates secret information, typically cryptographic in nature.
Users can access it by passing `GOEXPERIMENT=runtimesecret` at build time.

<!-- if we land any code that uses runtimesecret for forward secrecy
like crypto/tls, mention them here too -->

The secret.Do function runs its function argument and then erases all
temporary storage (registers, stack, new heap allocations) used by
that function argument. Heap storage is not erased until that storage
is deemed unreachable by the garbage collector, which might take some
time after secret.Do completes.

This package is intended to make it easier to ensure [forward
secrecy](https://en.wikipedia.org/wiki/Forward_secrecy).
runtime/secret: implement new secret package Implement secret.Do. - When secret.Do returns: - Clear stack that is used by the argument function. - Clear all the registers that might contain secrets. - On stack growth in secret mode, clear the old stack. - When objects are allocated in secret mode, mark them and then zero the marked objects immediately when they are freed. - If the argument function panics, raise that panic as if it originated from secret.Do. This removes anything about the secret function from tracebacks. For now, this is only implemented on linux for arm64 and amd64. This is a rebased version of Keith Randalls initial implementation at CL 600635. I have added arm64 support, signal handling, preemption handling and dealt with vDSOs spilling into system stacks. Fixes #21865 Change-Id: I6fbd5a233beeaceb160785e0c0199a5c94d8e520 Co-authored-by: Keith Randall <khr@golang.org> Reviewed-on: https://go-review.googlesource.com/c/go/+/704615 Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> 2025-09-25 17:26:03 +01:00			`### New secret package`

			`<!-- https://go.dev/issue/21865 --->`

			`The new [secret](/pkg/runtime/secret) package is available as an experiment.`
			`It provides a facility for securely erasing temporaries used in`
			`code that manipulates secret information, typically cryptographic in nature.`
			Users can access it by passing `GOEXPERIMENT=runtimesecret` at build time.

			`<!-- if we land any code that uses runtimesecret for forward secrecy`
			`like crypto/tls, mention them here too -->`

			`The secret.Do function runs its function argument and then erases all`
			`temporary storage (registers, stack, new heap allocations) used by`
			`that function argument. Heap storage is not erased until that storage`
			`is deemed unreachable by the garbage collector, which might take some`
			`time after secret.Do completes.`

			`This package is intended to make it easier to ensure [forward`
			`secrecy](https://en.wikipedia.org/wiki/Forward_secrecy).`