store/cli: deduplicate shred helper (task 400)

author: Paul Buetow <paul@buetow.org> 2026-03-02 10:54:03 +0200
committer: Paul Buetow <paul@buetow.org> 2026-03-02 10:54:03 +0200
commit: 88f6ca2fb24973b78afe76f82ea86171e40fccff (patch)
tree: 2ed7a46fd36fb37fc6a5a3b7037a41b75592e81e /internal/store/store.go
parent: 1bd6d282d2352870e68654afca3fa4a4ea7195ea (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/internal/store/store.go b/internal/store/store.go
index 9acb52d..b92f011 100644
--- a/internal/store/store.go
+++ b/internal/store/store.go
@@ -555,7 +555,7 @@ func (s *Store) ShredAllExported(ctx context.Context) error {
 		if err != nil || !info.Mode().IsRegular() {
 			continue
 		}
-		if err := shredFile(ctx, entry); err != nil {
+		if err := ShredFile(ctx, entry); err != nil {
 			// Record the error but keep shredding — security demands best-effort
 			// destruction of all exported secrets even if one fails.
 			lastErr = err
@@ -564,9 +564,9 @@ func (s *Store) ShredAllExported(ctx context.Context) error {
 	return lastErr
 }
 
-// shredFile destroys a single file using shred(1) if available, or rm -Pfv.
+// ShredFile destroys a single file using shred(1) if available, or rm -Pfv.
 // This mirrors Ruby's Geheim#shred_file method.
-func shredFile(ctx context.Context, filePath string) error {
+func ShredFile(ctx context.Context, filePath string) error {
 	if _, err := exec.LookPath("shred"); err == nil {
 		cmd := exec.CommandContext(ctx, "shred", "-vu", filePath)
 		cmd.Stdout = io.Discard
author	Paul Buetow <paul@buetow.org>	2026-03-02 10:54:03 +0200
committer	Paul Buetow <paul@buetow.org>	2026-03-02 10:54:03 +0200
commit	88f6ca2fb24973b78afe76f82ea86171e40fccff (patch)
tree	2ed7a46fd36fb37fc6a5a3b7037a41b75592e81e /internal/store/store.go
parent	1bd6d282d2352870e68654afca3fa4a4ea7195ea (diff)