Techniques for reducing compromise of sensitive data in a virtual machine are described. During initiation of a secure string instance of a program module in memory allocated to the virtual machine, the program module can receive sensitive data in plaintext and retrieves parameters sourced from outside the allocated memory. During the execution of the program module, the sensitive data can be encrypted using a key based on the parameters to obtain encrypted data. The program module can overwrite the sensitive data with the encrypted data. The program module can receive a trigger to send a message that is generated using the sensitive data. The encrypted data can be decrypted using the key based on the parameters to obtain the sensitive data. After encryption and decryption, the program module can generate the message using the sensitive data and overwrite the sensitive data and the parameters used to encrypt the sensitive data.