Erase encoded secrets after encrypting them.

diff --git a/src/lib/safe.ts b/src/lib/safe.ts
index 5b965bcae1d0d7107f1a45fc1298b9155e65040e..c9718276fca83df07cdc913a9eedc9365edd6067 100644 (file)
--- a/src/lib/safe.ts
+++ b/src/lib/safe.ts
@@ -363,6 +363,7 @@ export class Safe {
                const additionalData = utf8.toBytes(this.#type)
                const encoded = new Uint8Array([...seed, ...mnemonic])
                const encrypted = await crypto.subtle.encrypt({ name: 'AES-GCM', iv, additionalData }, key, encoded)
+               encoded.fill(0)
                return { iv, encrypted }
        }