From 7c6cdc6f3fa693c4caee5c83dd35037af2560eff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?H=C3=A9ctor=20Molinero=20Fern=C3=A1ndez?=
 <hector@molinero.dev>
Date: Tue, 1 Jun 2021 20:58:07 +0200
Subject: [PATCH] Avoid exporting variables with secrets

---
 scripts/bin/container-init | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/bin/container-init b/scripts/bin/container-init
index 43f619f..7099cb5 100755
--- a/scripts/bin/container-init
+++ b/scripts/bin/container-init
@@ -108,7 +108,7 @@ openssl x509 -in "${XRDP_TLS_CRT_PATH:?}" -noout -fingerprint -sha1
 openssl x509 -in "${XRDP_TLS_CRT_PATH:?}" -noout -fingerprint -sha256
 
 # Dump environment variables
-env | grep -Ev '^(PWD|HOME|USER|USERNAME|SHELL|TERM|SHLVL)=' | sort > /etc/environment
+env | grep -Ev '^(PWD|OLDPWD|HOME|USER|SHELL|TERM|([^=]*(PASSWORD|SECRET)[^=]*))=' | sort > /etc/environment
 
 # Start runit
 exec tini -- runsvdir -P /etc/service/