Closed by SkyperTHC 1 year ago
destruct
or seppuku
now part of v0.4.7
can't they just do find /sec -delete
before shutting down?
seems like hand-holding the user to me
also the destruct script does rm -rf /sec/* 2>/dev/null
which won't erase hidden files
consider changing to find /sec/ -delete
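The difference the comment above points out, as an added example (not part of the thread and not the project's destruct script): a shell glob `*` does not match dot-entries, so `rm -rf DIR/*` leaves hidden files and directories behind, while `find` walks every entry. The temporary directory standing in for /sec and all file names in it are constructed; `-mindepth 1` is an addition made here so that the top directory itself is kept.

```shell
#!/bin/sh
# Build a constructed sample tree that stands in for /sec (hypothetical contents).
make_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/work" "$d/.ssh" "$d/.config/app"
    : > "$d/notes.txt"
    : > "$d/work/a.txt"
    : > "$d/.bash_history"
    : > "$d/.ssh/id_ed25519"
    : > "$d/.config/app/token"
    printf '%s\n' "$d"
}

# Count every entry left below the directory (the directory itself excluded).
remaining() {
    find "$1" -mindepth 1 | wc -l | tr -d ' '
}

# Wipe as quoted in the thread: the glob expands to visible names only.
wipe_glob() {
    rm -rf "$1"/* 2>/dev/null
}

# Wipe with find: dot-entries are included, children are removed before parents.
wipe_find() {
    find "$1" -mindepth 1 -delete
}

# Run both wipes on the same tree and report what each one leaves behind.
demo() {
    t=$(make_tree) || return 1
    wipe_glob "$t"
    after_glob=$(remaining "$t")
    wipe_find "$t"
    after_find=$(remaining "$t")
    rmdir "$t"
    echo "$after_glob $after_find"
}

demo
```

The first number printed is the count of hidden entries that survive the glob-based wipe; the second is what is left after the `find`-based wipe.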
The user can shut down the container with
halt
but this still leaves the encrypted data around. No IP data is logged and there are no other logs around but the encrypted data is still on the storage. That means an attacker could 'start' the container and access the data if the secret ever leaks in the future. At the moment old encrypted data is 'cleansed' after an expiration date (around 6 months if the container is not being used).
There is the wish to give the user control to 'instantly' wipe the entire encrypted data.
Feature can be implemented via RPC.