| -rw-r--r-- | internal/cli/cli.go | 17 | ||||
| -rw-r--r-- | internal/cli/cli_test.go | 8 | ||||
| -rw-r--r-- | internal/store/store.go | 6 |
3 files changed, 8 insertions, 23 deletions
diff --git a/internal/cli/cli.go b/internal/cli/cli.go
index 7152496..b6d47fc 100644
--- a/internal/cli/cli.go
+++ b/internal/cli/cli.go
@@ -565,7 +565,7 @@ func (c *CLI) makeActionFn(ctx context.Context, action store.Action) func(contex
 }
 // Shred the exported file immediately after opening — mirrors Ruby's
 // `shred_file(file: open_exported(...), delay: 0)` call.
- return shredFile(ctx, path)
+ return store.ShredFile(ctx, path)
 }
 case store.ActionEdit:
@@ -665,21 +665,6 @@ func externalEdit(ctx context.Context, exportDir, editCmd, file string) error {
 return nil
 }
-// shredFile destroys a single file using shred(1) if available, or rm -Pfv.
-// Used after ActionOpen to ensure exported secrets do not linger on disk.
-func shredFile(ctx context.Context, path string) error {
- if _, err := exec.LookPath("shred"); err == nil {
- cmd := exec.CommandContext(ctx, "shred", "-vu", path)
- cmd.Stdout = io.Discard
- cmd.Stderr = io.Discard
- return cmd.Run()
- }
- cmd := exec.CommandContext(ctx, "rm", "-Pfv", path)
- cmd.Stdout = io.Discard
- cmd.Stderr = io.Discard
- return cmd.Run()
-}
-
 // printHelp prints a brief usage summary, mirroring the Ruby CLI#help output.
 func printHelp() {
 logMsg(`ls
diff --git a/internal/cli/cli_test.go b/internal/cli/cli_test.go
index 2ad52db..39c79aa 100644
--- a/internal/cli/cli_test.go
+++ b/internal/cli/cli_test.go
@@ -134,7 +134,7 @@ func TestPrintHelp(t *testing.T) {
 }
 }
-// TestShredFileCli verifies that shredFile removes a temporary file.
+// TestShredFileCli verifies that store.ShredFile removes a temporary file.
 // It uses a temp file so no live data is affected.
 func TestShredFileCli(t *testing.T) {
 dir := t.TempDir()
@@ -144,12 +144,12 @@ func TestShredFileCli(t *testing.T) {
 }
 ctx := t.Context()
- if err := shredFile(ctx, target); err != nil {
- t.Fatalf("shredFile: %v", err)
+ if err := store.ShredFile(ctx, target); err != nil {
+ t.Fatalf("ShredFile: %v", err)
 }
 if _, err := os.Stat(target); err == nil {
- t.Errorf("file %q still exists after shredFile", target)
+ t.Errorf("file %q still exists after ShredFile", target)
 }
 }
diff --git a/internal/store/store.go b/internal/store/store.go
index 9acb52d..b92f011 100644
--- a/internal/store/store.go
+++ b/internal/store/store.go
@@ -555,7 +555,7 @@ func (s *Store) ShredAllExported(ctx context.Context) error {
 if err != nil || !info.Mode().IsRegular() {
 continue
 }
- if err := shredFile(ctx, entry); err != nil {
+ if err := ShredFile(ctx, entry); err != nil {
 // Record the error but keep shredding — security demands best-effort
 // destruction of all exported secrets even if one fails.
 lastErr = err
@@ -564,9 +564,9 @@ func (s *Store) ShredAllExported(ctx context.Context) error {
 return lastErr
 }
-// shredFile destroys a single file using shred(1) if available, or rm -Pfv.
+// ShredFile destroys a single file using shred(1) if available, or rm -Pfv.
 // This mirrors Ruby's Geheim#shred_file method.
-func shredFile(ctx context.Context, filePath string) error {
+func ShredFile(ctx context.Context, filePath string) error {
 if _, err := exec.LookPath("shred"); err == nil {
 cmd := exec.CommandContext(ctx, "shred", "-vu", filePath)
 cmd.Stdout = io.Discard |
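Review bot: Now that `ShredFile` is exported, `filePath` still reaches shred(1) as a bare positional argument in `exec.CommandContext(ctx, "shred", "-vu", filePath)`, so a path that begins with `-` would be parsed as an option rather than as the file to destroy. Passing an end-of-options marker closes that, `cmd := exec.CommandContext(ctx, "shred", "-vu", "--", filePath)`, and presumably the `rm -Pfv` fallback needs the same; that part of the body lies past the end of this hunk. The doc comment should also tell callers outside the package what the function does not guarantee: overwriting in place is best-effort on journaling or copy-on-write filesystems and on flash storage, and `-P` is a BSD rm option (documented as having no effect on some current systems) that GNU rm does not accept, so on a host without shred(1) the fallback may only unlink the file or fail outright. Because output from both commands goes to `io.Discard`, the returned error is the only failure signal, which the comment should state so that callers do not drop it.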
