A secure drop-in replacement for rm(1) with multi-pass data wiping algorithms to prevent data recovery.
Using go compiler:
go install go.dw1.io/rm-secure@latestNote
Requires Go 1.25.1 or later.
Or download a pre-built binary from releases page.
The following data wiping algorithms are currently supported:
- fast: Single-pass zero overwrite (default, fastest).
- vsitr: German VSITR standard (7 passes).
- dod: US DoD 5220.22-M standard (3 passes).
- gutmann: Peter Gutmann's algorithm (35 passes).
New algorithms can be proposed through issues.
- Config-based algorithms for simplified usage.
The standard rm(1) command simply unlinks files from the filesystem, leaving the actual data intact on disk until it's overwritten by other operations. This means deleted files can be recovered using forensic tools or even simple data recovery software. In contrast, rm-secure overwrites file contents multiple times using cryptographic patterns and established data sanitization algorithms before unlinking, making data recovery virtually impossible.
While rm(1) is extremely fast due to its simple unlinking operation, rm-secure trades speed for security by performing multiple write passes over the data. However, rm-secure maintains full compatibility with rm(1) syntax, making it a true drop-in replacement.
Use rm-secure when: You need to permanently destroy sensitive data (passwords, keys, confidential documents).
Use rm(1) when: Performance matters and data sensitivity is not a concern.
While GNU's shred(1) also provides secure deletion capabilities, rm-secure offers several advantages. Most notably, rm-secure supports multiple industry-standard wiping algorithms compared to shred(1)'s fixed 3-pass pattern with random data. This flexibility allows users to choose between speed and security based on their specific needs, with plans[?] to expand algorithm support through configuration-based approaches.
The most significant difference is recursive directory support. rm-secure can wipe entire directory trees natively with the -r flag, while shred(1) only works on individual files, requiring complex shell commands with find and xargs to achieve similar results. Additionally, rm-secure automatically unlinks files after wiping, whereas shred(1) requires the -u flag to remove files after overwriting.
Use rm-secure when: You need flexible algorithms, recursive wiping, or modern tooling.
Use shred(1) when: You're limited to POSIX utilities or need proven GNU coreutils behavior.
$ rm-secure -h
Usage: rm-secure [OPTION]... [FILE]...
Securely remove (wipe and unlink) the FILE(s).
Author: Dwi Siswanto <me@dw1.io>
Options:
-f, --force ignore non-existent files and arguments; never prompt prior to removal
-i, --i prompt before each removal
-I, --I prompt (once) prior to removing more than three files or when removing recursively
--interactive string prompt: 'never', 'once' (-I), 'always' (-i)
-a, --algorithm algorithm wipe algorithm: 'fast', 'vsitr', 'dod', 'gutmann' (default fast)
--continue-on-wipe-error continue with removal even if wiping fails (default true)
--one-file-system when recursing, skip directories that are on a different filesystem
--preserve-root do not remove '/' (default true)
--no-preserve-root do not special-case '/'
-r, --recursive remove directories and their contents recursively
-R, --R same as -r
-d, --dir remove empty directories
-v, --verbose explain what's occurring
--version print version information and exit
Wipe algorithms:
fast Single-pass overwrite with zero bytes (fastest)
Suitable for most cases where basic data sanitization is needed.
vsitr German VSITR standard - 7 passes (BSI/VSITR compliant)
Alternating patterns of zeros and ones (three times), ending with
0xAA pattern. Meets German data protection requirements.
dod US DoD 5220.22-M standard - 3 passes with verification
Pass 1: zeros (0x00), Pass 2: ones (0xFF), Pass 3: random bytes.
Meets US Department of Defense data sanitization requirements.
gutmann Peter Gutmann's algorithm - 35 passes (maximum security)
4 random lead-in passes, 27 targeted patterns for different magnetic
encoding schemes, 4 random lead-out passes. Designed to resist even
advanced physical recovery methods (e.g., magnetic force microscopy).
Note: May be overkill for modern drives.
Examples:
rm-secure file.txt Remove file.txt with fast algorithm
rm-secure -v file.txt Remove with verbose output
rm-secure -a gutmann secrets.doc Remove using Gutmann's 35-pass algorithm
rm-secure -r -a dod project/ Recursively remove directory with DoD standard
rm-secure -i *.tmp Prompt before each removal
WARNING: This operation is IRREVERSIBLE. Overwritten data cannot be recovered.
Note: Secure deletion is unreliable on SSDs due to wear-leveling. Consider
full-disk encryption (LUKS/dm-crypt) for true security on solid-state media.
Report bugs to: <https://github.com/dwisiswant0/rm-secure/issues># Remove file.txt with fast algorithm
rm-secure file.txt
# Remove file.txt with fast algorithm and verbose output
rm-secure -v file.txt
# Remove using Gutmann's 35-pass algorithm
rm-secure -a gutmann secrets.doc
# Recursively remove directory with DoD standard
rm-secure -r -a dod project/
# Prompt before each removal
rm-secure -i *.tmpCaution
Data is IRREVERSIBLE once wiped.
Note
Secure deletion is unreliable on SSDs due to wear-leveling. Consider full-disk encryption (LUKS/dm-crypt) for true security on solid-state media.
Forked from go-coreutils with additional features and optimizations.
Wiping implementation copied from go-wiper with critical bug fixes (I got them!) for lastPos reset between passes (prevented writing beyond file bounds) and multi-byte pattern indexing (ensured complete pattern writes).
GNU GPL Version 3.0.
Copyright (C) 2025 Dwi Siswanto
Copyright (C) 2021 Eric Lagergren (portions from go-coreutils)
Copyright (C) 2021 0x9ef (portions from go-wiper)
See LICENSE.