The Sodium module is used to encrypt and decrypt secrets in automation workflows where reliability and defensive behavior are required. These workflows often run repeatedly in CI environments, so small per-call costs and weak input boundaries become significant over time.
Request
Current experience
Native interop calls accept input buffers without a consistent managed guard layer, key and ciphertext validation is distributed across commands, and cryptographic constants are repeatedly queried per command invocation. Sensitive intermediate byte arrays can also remain in memory longer than necessary after operation completion.
Desired experience
Native interop boundaries should fail fast on invalid buffer shapes, command paths should initialize Sodium once and reuse fixed-size constants for subsequent calls, and sensitive transient buffers should be cleared after use. Platform/runtime selection should be deterministic and based on process architecture, with clear support validation on Windows runtimes.
User impact
Without these improvements, malformed input can surface as low-level failures instead of clear command errors, repeated invocations pay avoidable overhead, and secret-related buffers can persist in managed memory longer than required.
Acceptance criteria
References
Technical decisions
Interop boundary hardening: Wrap native DllImport calls with managed validation methods to enforce minimum and exact buffer sizes before entering unmanaged code.
DLL search safety: Use constrained native library search paths at import boundaries to reduce unintended library resolution behavior.
Initialization strategy: Add a private Initialize-Sodium function that initializes Sodium once and caches crypto_box_publickeybytes, crypto_box_secretkeybytes, and crypto_box_sealbytes in script scope.
Memory hygiene: Clear sensitive transient buffers (private key, seed, derived seed, plaintext) in finally blocks after operation completion.
Runtime selection: Resolve runtime identifier from process architecture (RuntimeInformation.ProcessArchitecture) rather than external shell probing.
Windows support detection: Validate Visual C++ runtime for the active process architecture and require Installed != 0 plus minimum version compliance.
Build robustness: Update local build orchestration to fail fast when publish fails for a runtime target to avoid cascading copy-stage errors.
Test strategy: Extend Pester with explicit negative-path assertions for short sealed box inputs and wrong-length private keys.
Implementation plan
Native bridge
PowerShell module behavior
Build and test
The Sodium module is used to encrypt and decrypt secrets in automation workflows where reliability and defensive behavior are required. These workflows often run repeatedly in CI environments, so small per-call costs and weak input boundaries become significant over time.
Request
Current experience
Native interop calls accept input buffers without a consistent managed guard layer, key and ciphertext validation is distributed across commands, and cryptographic constants are repeatedly queried per command invocation. Sensitive intermediate byte arrays can also remain in memory longer than necessary after operation completion.
Desired experience
Native interop boundaries should fail fast on invalid buffer shapes, command paths should initialize Sodium once and reuse fixed-size constants for subsequent calls, and sensitive transient buffers should be cleared after use. Platform/runtime selection should be deterministic and based on process architecture, with clear support validation on Windows runtimes.
User impact
Without these improvements, malformed input can surface as low-level failures instead of clear command errors, repeated invocations pay avoidable overhead, and secret-related buffers can persist in managed memory longer than required.
Acceptance criteria
ConvertFrom-SodiumSealedBoxrejects ciphertext shorter thancrypto_box_sealbyteswith a clear validation error.Get-SodiumPublicKeyvalidates private key byte length before key derivation and emits a clear error on mismatch.References
Technical decisions
Interop boundary hardening: Wrap native
DllImportcalls with managed validation methods to enforce minimum and exact buffer sizes before entering unmanaged code.DLL search safety: Use constrained native library search paths at import boundaries to reduce unintended library resolution behavior.
Initialization strategy: Add a private
Initialize-Sodiumfunction that initializes Sodium once and cachescrypto_box_publickeybytes,crypto_box_secretkeybytes, andcrypto_box_sealbytesin script scope.Memory hygiene: Clear sensitive transient buffers (
private key,seed,derived seed,plaintext) infinallyblocks after operation completion.Runtime selection: Resolve runtime identifier from process architecture (
RuntimeInformation.ProcessArchitecture) rather than external shell probing.Windows support detection: Validate Visual C++ runtime for the active process architecture and require
Installed != 0plus minimum version compliance.Build robustness: Update local build orchestration to fail fast when publish fails for a runtime target to avoid cascading copy-stage errors.
Test strategy: Extend Pester with explicit negative-path assertions for short sealed box inputs and wrong-length private keys.
Implementation plan
Native bridge
libsodium.PowerShell module behavior
Initialize-Sodiumhelper and adopt it in public functions.finallyblocks where applicable.Build and test