From 75ad4ae2fbd8de1307bba94b837754db0d7c6a38 Mon Sep 17 00:00:00 2001
From: Alok Menghrajani <alok@squareup.com>
Date: Tue, 12 Jul 2016 13:27:16 -0700
Subject: [PATCH] Ensures listing secrets excludes deleted secrets without
 content.

---
 cache_test.go | 1 +
 secretmap.go  | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/cache_test.go b/cache_test.go
index d530690..2d294d6 100644
--- a/cache_test.go
+++ b/cache_test.go
@@ -333,6 +333,7 @@ func TestCacheSecretListUsesClientOverCache(t *testing.T) {
 	list := cache.SecretList()
 	assert.Len(list, 2)
 	assert.Contains(list, *fixture1)
+	assert.Contains(list, *fixture2)
 	assert.Equal(2, cache.Len())
 
 	// Advance clock, cache should now have only 1 element
diff --git a/secretmap.go b/secretmap.go
index de4105e..e02de30 100644
--- a/secretmap.go
+++ b/secretmap.go
@@ -113,10 +113,13 @@ func (m *SecretMap) Replace(m2 *SecretMap) {
 	// Delete existing entries
 	expire := m.getNow().Add(m.timeouts.DeletionDelay)
 	for k, v := range m.m {
-		if v.ttl.IsZero() {
+		// Only hold on to secrets which actually have data.
+		if len(v.Secret.Content) == 0 {
+			delete(m.m, k)
+		} else if v.ttl.IsZero() {
 			v.ttl = expire
+			m.m[k] = v
 		}
-		m.m[k] = v
 	}
 
 	// Replace values with data from m2