Secure Memory Protection¶
StormTunnel automatically protects sensitive data in memory.
How It Works¶
Sensitive data like SSH keys and passwords receive special handling:
| Protection | Description |
|---|---|
| Zeroization | Data is overwritten (not just deleted) when no longer needed |
| Memory isolation | Sensitive data is separated from other application data |
| Automatic cleanup | Credentials are erased immediately after use |
| Crash protection | Emergency cleanup prevents data exposure during crashes |
All protection is automatic—no configuration required.
What's Protected¶
- SSH private keys and passphrases
- Tunnel passwords
- Session tokens
- Sensitive configuration data
Privacy Guarantees¶
- Local only - Sensitive data never leaves your Mac
- No cloud storage - Keys and passwords aren't uploaded anywhere
- No telemetry - Security operations aren't tracked
Best Practices¶
While StormTunnel protects your data automatically, these habits improve security:
- Prefer SSH keys over passwords - Keys are more secure
- Use ED25519 keys - Modern and recommended
- Protect keys with passphrases - Adds another layer of security
- Keep StormTunnel updated - Get the latest security improvements
- Enable FileVault - Protects data when your Mac is off
Related¶
- SSH Key Management - Manage your SSH keys
- Two-Factor Authentication - Additional security
- Authentication - Authentication options