hackerschoice / segfault


wipe all #88

Closed SkyperTHC closed 1 year ago

SkyperTHC commented 1 year ago

The user can shut down the container with halt but this still leaves the encrypted data around. No IP data is logged and there are no other logs around but the encrypted data is still on the storage. That means an attacker could 'start' the container and access the data if the secret ever leaks in the future.

At the moment old encrypted data is 'cleansed' after an expiration date (around 6 months if the container is not being used).

There is the wish to give the user control to 'instantly' wipe the entire encrypted data.

Feature can be implemented via RPC.

SkyperTHC commented 1 year ago

destruct or seppuku now part of v0.4.7

theaog commented 1 year ago

can't they just do find /sec -delete before shutting down? seems like hand-holding the user to me

theaog commented 1 year ago

also the destruct script does rm -rf /sec/* 2>/dev/null which won't erase hidden files

consider changing to find /sec/ -delete
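
The hidden-file gap raised in the last comment, reproduced on a constructed scratch directory standing in for /sec. This is an added example, not part of the thread or the project's destruct script; the function names and sample file names are assumptions. `-mindepth 1` keeps the top-level directory in place, which a bare `find DIR -delete` would also try to remove.

```shell
#!/bin/sh
# Constructed stand-in for /sec: a scratch directory holding visible
# and hidden entries (all names are made up for this example).
make_sample() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/projects" "$dir/.ssh" "$dir/.config/app"
    : > "$dir/notes.txt"
    : > "$dir/projects/code.c"
    : > "$dir/.bash_history"
    : > "$dir/.ssh/id_ed25519"
    : > "$dir/.config/app/token"
    printf '%s\n' "$dir"
}

# Count every entry left below the directory, hidden or not.
count_left() {
    find "$1" -mindepth 1 | wc -l | tr -d ' '
}

# Wipe in the form quoted in the thread: the shell expands * before rm
# runs, and by default that expansion skips names starting with a dot.
wipe_glob() {
    rm -rf "$1"/* 2>/dev/null
}

# find walks the tree itself, so dot-entries are included. -delete implies
# depth-first order; -mindepth 1 leaves the top directory (e.g. a mount point).
wipe_find() {
    find "$1" -mindepth 1 -delete
}

# Run both wipes on one sample and report what each left behind.
demo() {
    d=$(make_sample) || return 1
    wipe_glob "$d"
    after_glob=$(count_left "$d")
    wipe_find "$d"
    after_find=$(count_left "$d")
    rmdir "$d"
    printf '%s %s\n' "$after_glob" "$after_find"
}

demo   # prints "6 0": six hidden entries survive the glob, none survive find
```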