diff --git a/Cargo.lock b/Cargo.lock index f26d3a7..5e66bb8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -444,7 +444,7 @@ dependencies = [ [[package]] name = "local-mini-kms" -version = "0.1.1" +version = "0.2.0" dependencies = [ "base64", "clap", @@ -454,6 +454,7 @@ dependencies = [ "lazy_static", "rusqlite", "rust_util", + "secmem-proc", "serde", "serde_derive", "serde_json", @@ -713,6 +714,18 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" +[[package]] +name = "secmem-proc" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b291669c8562407a90242395b35409c070f748c64268ed7c837bd0550c4dec5" +dependencies = [ + "cfg-if", + "libc", + "thiserror", + "winapi", +] + [[package]] name = "serde" version = "1.0.138" diff --git a/Cargo.toml b/Cargo.toml index a09fca9..a2d0500 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "local-mini-kms" -version = "0.1.1" +version = "0.2.0" edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html @@ -16,6 +16,7 @@ serde_derive = "1.0" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" josekit = "0.8.1" +secmem-proc = "0.1.1" rust_util = { version = "0.6", features = ["use_clap"] } tokio = { version = "1.19", features = ["full"] } hyper = { version = "0.14.20", features = ["client", "server", "tcp", "http1", "http2"] } diff --git a/src/main.rs b/src/main.rs index 4015375..8a9afe4 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,5 +1,5 @@ use clap::{App, AppSettings, ArgMatches}; -use rust_util::{failure_and_exit, information}; +use rust_util::{failure_and_exit, information, success, warning}; use rust_util::util_clap::{Command, CommandError}; mod db; 
@@ -20,6 +20,16 @@ impl DefaultCommandImpl {
 }
 fn main() {
+ let ignore_harden_process_error = std::env::var("IGNORE_HARDEN_PROCESS_ERROR")
+ .map(|v| &v == "true").unwrap_or_else(|_| false);
+ match secmem_proc::harden_process() {
+ Err(e) => if ignore_harden_process_error {
+ warning!("Harden local-mini-kms failed: {}", e);
+ } else {
+ failure_and_exit!("Harden local-mini-kms failed: {}", e);
+ }
+ Ok(_) => success!("Harden local-mini-kms success"),
+ }
 if let Err(e) = inner_main() {
 failure_and_exit!("Run local-mini-kms error: {}", e);
 }
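Review bot: When `IGNORE_HARDEN_PROCESS_ERROR` is set, the `Err` arm at the top of `main` logs the same text as the fatal path ("Harden local-mini-kms failed: ...") and then falls through to `inner_main()`, so nothing in the log says the KMS is now running without process hardening or why that was allowed. I would make the downgrade explicit, e.g. `warning!("Harden local-mini-kms failed, continuing WITHOUT process hardening (IGNORE_HARDEN_PROCESS_ERROR=true): {}", e);`, and put a comment above the lookup such as `// Only the exact value "true" downgrades a hardening failure to a warning; unset or any other value keeps the fail-closed exit.` The lookup itself reads more directly as `let ignore_harden_process_error = matches!(std::env::var("IGNORE_HARDEN_PROCESS_ERROR").as_deref(), Ok("true"));`, which keeps the same fail-closed behaviour for unset and non-Unicode values. `main` continues past the end of this hunk.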