diff --git a/packages/rs-scripts/Cargo.toml b/packages/rs-scripts/Cargo.toml
index dc639760994..18bb06e33b9 100644
--- a/packages/rs-scripts/Cargo.toml
+++ b/packages/rs-scripts/Cargo.toml
@@ -15,4 +15,3 @@ base64 = "0.22"
 chrono = "0.4"
 hex = "0.4"
 clap = { version = "4", features = ["derive"] }
-serde_json = "1"
diff --git a/packages/rs-sdk-ffi/src/crypto/mod.rs b/packages/rs-sdk-ffi/src/crypto/mod.rs
index 91c5579facc..4ab971d8199 100644
--- a/packages/rs-sdk-ffi/src/crypto/mod.rs
+++ b/packages/rs-sdk-ffi/src/crypto/mod.rs
@@ -4,6 +4,7 @@ use crate::{DashSDKError, DashSDKErrorCode, DashSDKResult};
 use dash_sdk::dpp::dashcore::Network;
 use dash_sdk::dpp::identity::KeyType;
 use std::ffi::{c_char, CStr};
+use zeroize::Zeroizing;
 
 /// Validate that a private key corresponds to a public key using DPP's public_key_data_from_private_key_data
 ///
@@ -65,7 +66,7 @@ pub unsafe extern "C" fn dash_sdk_validate_private_key_for_public_key(
         }
     };
 
-    let mut key_array = [0u8; 32];
+    let mut key_array = Zeroizing::new([0u8; 32]);
     key_array.copy_from_slice(&private_key_bytes);
 
     // Parse key type
@@ -176,7 +177,7 @@ pub unsafe extern "C" fn dash_sdk_private_key_to_wif(
         Network::Mainnet
     };
 
-    let mut key_array = [0u8; 32];
+    let mut key_array = Zeroizing::new([0u8; 32]);
     key_array.copy_from_slice(&private_key_bytes);
     match dash_sdk::dpp::dashcore::PrivateKey::from_byte_array(&key_array, network) {
         Ok(private_key) => {
@@ -244,7 +245,7 @@ pub unsafe extern "C" fn dash_sdk_public_key_data_from_private_key_data(
         }
     };
 
-    let mut key_array = [0u8; 32];
+    let mut key_array = Zeroizing::new([0u8; 32]);
     key_array.copy_from_slice(&private_key_bytes);
 
     // Parse key type
diff --git a/packages/rs-sdk-ffi/src/signer_simple.rs b/packages/rs-sdk-ffi/src/signer_simple.rs
index f7156e7a157..67bff492ff8 100644
--- a/packages/rs-sdk-ffi/src/signer_simple.rs
+++ b/packages/rs-sdk-ffi/src/signer_simple.rs
@@ -6,6 +6,7 @@ use dash_sdk::dpp::dashcore::Network;
 use dash_sdk::dpp::identity::signer::Signer;
 use dash_sdk::dpp::identity::{IdentityPublicKey, KeyType, Purpose, SecurityLevel};
 use simple_signer::SingleKeySigner;
+use zeroize::Zeroizing;
 
 /// Create a signer from a private key
 ///
@@ -32,9 +33,9 @@ pub unsafe extern "C" fn dash_sdk_signer_create_from_private_key(
         ));
     }
 
-    // Convert the pointer to an array
+    // Convert the pointer to an array (zeroized on drop to avoid key material lingering on stack)
     let key_slice = std::slice::from_raw_parts(private_key, 32);
-    let mut key_array: [u8; 32] = [0; 32];
+    let mut key_array = Zeroizing::new([0u8; 32]);
     key_array.copy_from_slice(key_slice);
 
     // network won't matter here