來自 KMS 操作的文檔GenerateDataKey https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.htmlWe recommend that you use the following pattern to encrypt data locally in your application:Use the GenerateDataKey operation to get a data encryption key.Use the plaintext data key (returned in the Plaintext field of the response) to encrypt data locally, then erase the plaintext data key from memory.這段代碼是否足以確保明文密鑰在使用完畢后已從內存中刪除。const aws = require("aws-sdk");const kms = new aws.KMS({...config});(async () => {    /** {Plaintext: Buffer, CiphertextBlob: Buffer} **/    let dataKey = await kms.generateDataKey({...options}).promise();    let encryptedString = MyEncryptionFunction(dataKey.Plaintext, "Hello World");    dataKey.Plaintext.fill(0); //overwrite the buffer with zeroes to erase from memory;})();function MyEncryptionFunction(key, dataString) {    let iv = crypto.randomBytes(16);    let cipher = crypto.createCipheriv("aes256", key, iv);    return cipher.update(dataString, "utf8", "hex") + cipher.final("hex");}假設 aws sdk 不會將密鑰泄漏/復制到內存的其他部分是否安全，并且與createCipheriv內置加密庫的功能相同，因此只需Plaintext用零覆蓋緩沖區就足以從內存中擦除密鑰？