Hello @rnewman - Thanks for getting in touch about SQLCipher.
Right now SQLCipher does not make an attempt to sanitize all memory allocated and used by the SQLite database code, instead focusing on sanitizing all allocations made by SQLCipher internally and of course securing data files themselves.
That said, one approach that we’ve recommended in the past for those particularly concerned with page cache is to simply disable it, e.g.
pragma cache_size=0. Note however that there are other avenues for data to end up elsewhere outside of page cache, e.g. via memory-based temp tables, API allocations (e.g. used for returning values to the application), application front-end code, UI libraries, etc. Another option would be to use an application defined allocator, though then there can still be concerns about paging, etc.
Suffice it to say that complete sanitization is difficult in practice. However, we will look into improvements related to memory allocation/deallocation in upstream code as an improvement for a future release.