From 1bf2f12343e05e5a7784b1cce75ebc3926957f9e Mon Sep 17 00:00:00 2001
From: Chris Duncan <chris@zoso.dev>
Date: Fri, 8 Aug 2025 14:36:00 -0700
Subject: [PATCH] Erase encoded secrets after encrypting them.

---
 src/lib/safe.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/lib/safe.ts b/src/lib/safe.ts
index 5b965bc..c971827 100644
--- a/src/lib/safe.ts
+++ b/src/lib/safe.ts
@@ -363,6 +363,7 @@ export class Safe {
 		const additionalData = utf8.toBytes(this.#type)
 		const encoded = new Uint8Array([...seed, ...mnemonic])
 		const encrypted = await crypto.subtle.encrypt({ name: 'AES-GCM', iv, additionalData }, key, encoded)
+		encoded.fill(0)
 		return { iv, encrypted }
 	}
 
-- 
2.47.3