From acb747973cbd05c3809121db39654b3c424309382c3582eaa8bd17970f6fa9d7 Mon Sep 17 00:00:00 2001
From: "Marc S. Weidner" <msw@coresecret.dev>
Date: Fri, 7 Nov 2025 20:57:26 +0100
Subject: [PATCH] V8.13.392.2025.11.07

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
---
 lib/lib_check_secrets.sh | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/lib/lib_check_secrets.sh b/lib/lib_check_secrets.sh
index dc98933..93f8500 100644
--- a/lib/lib_check_secrets.sh
+++ b/lib/lib_check_secrets.sh
@@ -27,10 +27,22 @@ x_remove() {
 
   shopt -s nullglob dotglob
 
-  ### Removes secrets securely.
-  # shellcheck disable=SC2312
-  find "${VAR_TMP_SECRET}" -xdev -type f -print0 | xargs -0 --no-run-if-empty shred -fzu -n 5 --
-  find "${VAR_TMP_SECRET}" -xdev -depth -type d -empty -delete
+  if [[ "${VAR_SIGNER}" == "true" ]]; then
+
+    # shellcheck disable=SC2312
+    find "${VAR_TMP_SECRET}" -xdev -type f \
+      ! -path "${VAR_TMP_SECRET}/signing_key_pass.txt" \
+      -print0 \
+      | xargs -0 --no-run-if-empty shred -fzu -n 5 --
+
+  else
+
+    ### Removes secrets securely.
+    # shellcheck disable=SC2312
+    find "${VAR_TMP_SECRET}" -xdev -type f -print0 | xargs -0 --no-run-if-empty shred -fzu -n 5 --
+    find "${VAR_TMP_SECRET}" -xdev -depth -type d -empty -delete
+
+  fi
 
   shopt -u nullglob dotglob