Once a secret is stored in the Vault resource, there is no way to delete or rotate it through the contract. Although set_secret can be fixed to allow updates, there is still no mechanism to clear the resource or revoke a previously set value. This means the data remains permanently associated with the account. In practice, this prevents users from discarding stale or compromised information, and forces them to carry forward secrets they no longer wish to keep. From a security perspective, rotation and removal are standard features of any system that manages sensitive information, so their absence weakens the design.
The module defines only set_secret (write) and get_secret (read).
No function exists to move_from<Vault> or reset its state.
Likelihood:
Over time, most users will want to rotate or clear old secrets, but will find it impossible.
Since blockchain storage is immutable and all data is permanent, this missing feature will surface in normal long-term use cases rather than every transaction.
Impact:
Inability to delete: Users cannot erase secrets they no longer need.
Weak operational security: Compromised secrets remain on-chain without recourse.
Inflexibility: No support for lifecycle management, undermining safe long-term usage.
Introduce a delete_secret function that allows the owner to clear their vault:
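A sketch of that fix, written for this write-up as an added example and not taken from the audited contract. It also shows set_secret accepting updates so rotation works. The module address `vault_addr`, the module name, the `secret: String` field layout and the error code are assumptions.

```move
// Added example: names marked "assumed" do not come from the audited code.
module vault_addr::secret_vault_example {   // assumed address and module name
    use std::signer;
    use std::string::{Self, String};

    /// Assumed layout: one secret per account, stored under the owner's address.
    struct Vault has key {
        secret: String,
    }

    /// Assumed error code: the caller has no Vault to delete.
    const E_NO_VAULT: u64 = 1;

    /// Create the vault on first use, overwrite in place afterwards (rotation).
    public entry fun set_secret(caller: &signer, secret: vector<u8>) acquires Vault {
        let addr = signer::address_of(caller);
        let value = string::utf8(secret);
        if (exists<Vault>(addr)) {
            let vault = borrow_global_mut<Vault>(addr);
            vault.secret = value;
        } else {
            move_to(caller, Vault { secret: value });
        }
    }

    /// Remove the caller's own Vault. The address is derived from the signer,
    /// so no account can delete another account's resource.
    public entry fun delete_secret(caller: &signer) acquires Vault {
        let addr = signer::address_of(caller);
        assert!(exists<Vault>(addr), E_NO_VAULT);
        // Unpack the resource so it is destroyed; String has `drop`.
        let Vault { secret: _ } = move_from<Vault>(addr);
    }
}
```

Removing the resource clears it from the account's current state only; the transactions that wrote the secret remain in ledger history, so a compromised value should still be treated as exposed and replaced off-chain.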