config:edit leaves temporary config vars file around after Ctrl+C

[edmorley]

Do you want to request a feature or report a bug?

Bug

What is the current behavior?

If I use heroku config:edit and change my mind about editing config vars, and Ctrl+C the CLI command rather than first closing the editor with no changes, then the temporary file that holds the env vars/secrets is left on disk in tmp, which is a security risk.

This is using macOS 12.3.1 with Homebrew bash.

What is the expected behavior?

That the temp file containing the env vars is deleted even if I Ctrl+C the command before closing the editor.

It seems this could be fixed by enabling tmp's graceful cleanup option:
https://www.npmjs.com/package/tmp#graceful-cleanup
https://github.com/jdxcode/edit-string/blob/2105f5ba946d9eb3cf34b23c91a2e73442f63360/src/edit.ts

Called via:

cli/packages/config/src/commands/config/edit.ts

Line 105 in b8292f3

const s = await editor.edit(configToString(original), {prefix, postfix: '.sh'})

[sbosio]

Added backlog item for fixing this.

GUS Work Item (Heroku internal).