
`kamal remove` does not delete the accessory env files that contain secrets.

Open orehmane opened this issue 8 months ago • 2 comments

Apologies for creating 2 issues in quick succession, but I noticed them at pretty much the same time.

If you have secret env vars, they are deployed through an env file to the server. The issue is that `kamal remove` does not delete them, potentially leaving sensitive data on a server that is supposed to be "removed". I'm quite strapped for time, but would be happy to try to fix this myself if that would help.

Would that be desired behavior?

orehmane, Mar 25 '25 06:03

Do you have more details?

The secrets for an app are stored in `~/.kamal/apps/<app-name>/env` and the entire `~/.kamal/apps/<app-name>` directory should be removed when calling `kamal remove`.

djmb, Apr 21 '25 13:04

I just tested it again. I have 2 web nodes, 1 job node, and 1 accessory, the database.

I ran `kamal remove` and responded `y` when it asked if I was sure.

  • For the web and job nodes, the `.kamal` directory remains, though `.kamal/apps` is empty.
  • For the db accessory node, `.kamal/apps/<app-name>/env/accessories/db.env` remains, and still has all the secret values.

orehmane, Apr 22 '25 01:04
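
A check for the leftover files reported in this thread, as an added example that is not part of the original issue or of Kamal's own code. It assumes the env files are `KEY=VALUE` lines (Docker `--env-file` style); the function name `kamal_leftover_env` is hypothetical.

```shell
#!/bin/sh
# Added example: audit a host for env files left under ~/.kamal after
# `kamal remove`. Secret values are never printed, only the file mode,
# the number of variables defined, and the path.
# Assumption: env files hold KEY=VALUE lines (Docker --env-file style).

# kamal_leftover_env [KAMAL_DIR]
#   Prints "<mode> <variable-count> <path>" for each remaining env file.
#   Returns 0 when nothing is left, 1 when at least one env file remains.
kamal_leftover_env() {
    kamal_dir="${1:-$HOME/.kamal}"

    # An absent or empty apps directory (the web/job node case in the
    # thread) means there is nothing to report.
    [ -d "$kamal_dir/apps" ] || return 0

    # Paths from the thread: apps/<app-name>/env/..., for example
    # apps/<app-name>/env/accessories/db.env on the accessory host.
    leftovers=$(find "$kamal_dir/apps" -type f -path '*/env/*' | sort)
    [ -n "$leftovers" ] || return 0

    printf '%s\n' "$leftovers" | while IFS= read -r f; do
        # Count variable definitions without echoing their values.
        keys=$(grep -c -E '^[A-Za-z_][A-Za-z0-9_]*=' "$f" || true)
        # First ten characters of `ls -l` are the type and permission bits.
        mode=$(ls -ld "$f" | cut -c1-10)
        printf '%s %s %s\n' "$mode" "$keys" "$f"
    done
    return 1
}
```

Source the file on each host after removal and call `kamal_leftover_env`; a non-zero status means env files remain and should be deleted.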