kamal remove does not delete the accessory env files that contain secrets.

[orehmane]

Apologies for creating 2 issues in quick succession, but I noticed them at pretty much the same time.

If you have secret env vars, they are deployed through an env file to the server. The issue is that kamal remove does not delete them, potentially leaving sensitive data on a server that is supposed to be "removed". I'm quite strapped for time, but would be happy to try to fix this myself if that would help.

Would that be desired behavior?

[djmb]

Do you have more details?

The secrets for an app are stored in ~/.kamal/apps/<app-name>/env and the entire ~/.kamal/apps/<app-name> directory should be removed when calling kamal remove.

[orehmane]

I just tested it again. I have 2 web nodes, 1 job node, and 1 accessory, the database.

I ran kamal remove and responded y when it asked if I was sure.

• For the web and job nodes, the .kamal directory remains, though .kamal/apps is empty.
• For the db accessory node, .kamal/apps/<app-name>/env/accessories/db.env remains, and still has all the secret values.