From fb34a0834c513536a199e5478690d8dc36ce008e Mon Sep 17 00:00:00 2001
From: Martin Puppe <dev@mpuppe.de>
Date: Mon, 8 Feb 2021 11:04:21 +0100
Subject: [PATCH] Restrict file access before writing secrets

---
 secrets | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/secrets b/secrets
index 8e440bd..dace9b5 100755
--- a/secrets
+++ b/secrets
@@ -99,6 +99,8 @@ rm -rf "$basedir"/*
 
 while read name; do
     fullpath="$basedir/$name"
+    touch "$fullpath"
+    chmod 600 "$fullpath"
     read size
     head --bytes="$size" - > "$fullpath"
     read owner