diff --git a/spec/sodium/crypto_box/secret_key_spec.cr b/spec/sodium/crypto_box/secret_key_spec.cr
index 2baa32d..be1834b 100644
--- a/spec/sodium/crypto_box/secret_key_spec.cr
+++ b/spec/sodium/crypto_box/secret_key_spec.cr
@@ -40,14 +40,16 @@ describe Sodium::CryptoBox::SecretKey do
     key2 = key1.key.readonly do |ks|
       Sodium::CryptoBox::SecretKey.new ks, key1.public_key.to_slice
     end
-    key1.to_slice.should eq key2.to_slice
+    key1.key.should eq key2.key
     key1.public_key.to_slice.should eq key2.public_key.to_slice
   end
 
   it "recomputes the public_key" do
     key1 = Sodium::CryptoBox::SecretKey.new
-    key2 = Sodium::CryptoBox::SecretKey.new key1.to_slice
-    key1.to_slice.should eq key2.to_slice
+    key2 = key1.key.readonly do |ks|
+      Sodium::CryptoBox::SecretKey.new ks
+    end
+    key1.key.should eq key2.key
     key1.public_key.to_slice.should eq key2.public_key.to_slice
   end
 
@@ -55,7 +57,7 @@ describe Sodium::CryptoBox::SecretKey do
     seed = Bytes.new Sodium::CryptoBox::SecretKey::SEED_SIZE
     key1 = Sodium::CryptoBox::SecretKey.new seed: seed
     key2 = Sodium::CryptoBox::SecretKey.new seed: seed
-    key1.to_slice.should eq key2.to_slice
+    key1.key.should eq key2.key
     key1.public_key.to_slice.should eq key2.public_key.to_slice
   end
 
diff --git a/spec/sodium/kdf_spec.cr b/spec/sodium/kdf_spec.cr
index 4185a6b..8a34a84 100644
--- a/spec/sodium/kdf_spec.cr
+++ b/spec/sodium/kdf_spec.cr
@@ -8,7 +8,11 @@ describe Sodium::Kdf do
     kdf1 = Sodium::Kdf.new
 
     # verify loading saved key
-    kdf2 = Sodium::Kdf.new kdf1.to_slice.dup
+    kdf2 = kdf1.key.readonly do |kslice|
+      Sodium::Kdf.new kslice.dup
+    end
+
+    kdf1.key.should eq kdf2.key
 
     # verify generated subkey's are the same after loading
     key1_s1 = kdf1.derive CONTEXT, 0, 16
diff --git a/spec/sodium/secure_buffer_spec.cr b/spec/sodium/secure_buffer_spec.cr
index af1d2c0..c5a5e3c 100644
--- a/spec/sodium/secure_buffer_spec.cr
+++ b/spec/sodium/secure_buffer_spec.cr
@@ -21,23 +21,6 @@ describe Sodium::SecureBuffer do
     buf.readwrite
   end
 
-  it "copies and erases" do
-    bytes = Bytes.new(5) { 1_u8 }
-
-    buf = Sodium::SecureBuffer.new bytes, erase: true
-    buf.readonly do |slice|
-      slice.bytesize.should eq 5
-
-      slice.each do |b|
-        b.should eq 1_u8
-      end
-    end
-
-    bytes.to_slice.each do |b|
-      b.should eq 0_u8
-    end
-  end
-
   it "dups without crashing" do
     buf1 = Sodium::SecureBuffer.new 5
     buf1.noaccess
diff --git a/src/sodium/kdf.cr b/src/sodium/kdf.cr
index e922088..0fc4f6a 100644
--- a/src/sodium/kdf.cr
+++ b/src/sodium/kdf.cr
@@ -36,9 +36,10 @@ module Sodium
     CONTEXT_SIZE = LibSodium.crypto_kdf_contextbytes
 
     # Returns key
-    delegate_to_slice to: @sbuf
+    @[Deprecated("Use .key instead")]
+    delegate_to_slice to: @key
 
-    @sbuf : Crypto::Secret
+    getter key : Crypto::Secret
 
     # Use an existing KDF key.
     #
@@ -49,22 +50,22 @@ module Sodium
         raise ArgumentError.new("bytes must be #{KEY_SIZE}, got #{bytes.bytesize}")
       end
 
-      @sbuf = SecureBuffer.new(bytes, erase).noaccess
+      @key = SecureBuffer.new(bytes, erase).noaccess
     end
 
     # Use an existing KDF Crypto::Secret key.
-    def initialize(@sbuf : Crypto::Secret)
-      if @sbuf.bytesize != KEY_SIZE
-        raise ArgumentError.new("bytes must be #{KEY_SIZE}, got #{sbuf.bytesize}")
+    def initialize(@key : Crypto::Secret)
+      if @key.bytesize != KEY_SIZE
+        raise ArgumentError.new("bytes must be #{KEY_SIZE}, got #{@key.bytesize}")
       end
-      @sbuf.noaccess
+      @key.noaccess
     end
 
     # Generate a new random KDF key.
     #
     # Make sure to save kdf.to_slice before kdf goes out of scope.
     def initialize
-      @sbuf = SecureBuffer.random(KEY_SIZE).noaccess
+      @key = SecureBuffer.random(KEY_SIZE).noaccess
     end
 
     # Derive a consistent subkey based on `context` and `subkey_id`.
@@ -82,7 +83,7 @@ module Sodium
 
       subkey = SecureBuffer.new subkey_size
       subkey.readwrite do |sub_slice|
-        @sbuf.readonly do |sslice|
+        @key.readonly do |sslice|
           if (ret = LibSodium.crypto_kdf_derive_from_key(sub_slice, sub_slice.bytesize, subkey_id, context, sslice)) != 0
             raise Sodium::Error.new("crypto_kdf_derive_from_key returned #{ret} (subkey size is probably out of range)")
           end
diff --git a/src/sodium/secure_buffer.cr b/src/sodium/secure_buffer.cr
index 13539b0..97c717f 100644
--- a/src/sodium/secure_buffer.cr
+++ b/src/sodium/secure_buffer.cr
@@ -22,7 +22,9 @@ module Sodium
     # Returns a **readonly** SecureBuffer.
     def initialize(bytes : Bytes, erase = false)
       initialize bytes.bytesize
-      bytes.copy_to self.to_slice
+      readwrite do |slice|
+        slice.copy_from bytes
+      end
       Sodium.memzero(bytes) if erase
       readonly
     end