2 files changed, 16 insertions, 1 deletions

diff --git a/src/mailman_pgp/config/mailman_pgp.cfg b/src/mailman_pgp/config/mailman_pgp.cfg
index 0828b3d..6a65ad9 100644
--- a/src/mailman_pgp/config/mailman_pgp.cfg
+++ b/src/mailman_pgp/config/mailman_pgp.cfg
@@ -63,9 +63,20 @@ primary_key: RSA:4096
 #     brainpoolP512r1, secp256k1
 sub_key: RSA:4096
 
-# Shred keys on list deletion?
+# Shred keypair on list deletion? Shredding tries to securely erase the file
+# by overwriting it with random data many times. Will be only performed if
+# the `delete` option is also set to yes.
 shred: yes
 
+# A command, that is run when shredding the list key (if shred is set).
+# It is passed the list key path as an argument.
+# If empty, mailman-pgp will try to shred the listkey itself.
+# Some Linux distributions provide the `shred` command from GNU coreutils, or
+# similar.
+shred_command:
+
+# Delete list keypair on list deletion?
+delete: yes
 
 [queues]
 # The queue to which processed incoming messages are passed.
diff --git a/src/mailman_pgp/config/schema.cfg b/src/mailman_pgp/config/schema.cfg
index feed0b6..9967485 100644
--- a/src/mailman_pgp/config/schema.cfg
+++ b/src/mailman_pgp/config/schema.cfg
@@ -43,6 +43,10 @@ sub_key: (RSA:\d{3,4}|ECDH:(nistp256|nistp384|nistp521|brainpoolP256r1|brainpool
 
 shred: lazr.config.as_boolean
 
+shred_command: mailman_pgp.utils.config.expandable_str
+
+delete: lazr.config.as_boolean
+
 
 [queues]
 in: str