V9.14.024.2026.06.11
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
@@ -33,12 +33,16 @@ x_remove() {
|
||||
|
||||
shopt -s nullglob dotglob
|
||||
|
||||
### Collect exact currently available secret values before removing their source files.
|
||||
### Log rewriting is intentionally deferred to the final trap after xtrace has been stopped.
|
||||
collect_debug_secret_values || true
|
||||
|
||||
if [[ "${VAR_SIGNER}" == "true" ]]; then
|
||||
|
||||
# shellcheck disable=SC2312
|
||||
find "${VAR_TMP_SECRET}" -xdev -type f \
|
||||
! -path "${VAR_TMP_SECRET}/signing_key_pass.txt" \
|
||||
! -path "${VAR_TMP_SECRET}/luks.txt" \
|
||||
! -path "${VAR_TMP_SECRET}/${VAR_SIGNING_KEY_PASS:-signing_key_pass.txt}" \
|
||||
! -path "${VAR_TMP_SECRET}/${VAR_LUKS_KEY:-luks.txt}" \
|
||||
-print0 \
|
||||
| xargs -0 --no-run-if-empty shred -fzu -n 5 --
|
||||
|
||||
|
||||
Reference in New Issue
Block a user