diff --git a/bin/blackbox_postdeploy b/bin/blackbox_postdeploy
index 3afd01b..fd252b5 100755
--- a/bin/blackbox_postdeploy
+++ b/bin/blackbox_postdeploy
@@ -23,6 +23,5 @@ while read unencrypted_file; do
   encrypted_file=$(get_encrypted_filename "$unencrypted_file")
   decrypt_file_overwrite "$encrypted_file" "$unencrypted_file"
   chmod g+r,o-rwx "$unencrypted_file"
-  $CHGRP puppet "$unencrypted_file"
 done <"$BB_FILES"
 echo '========== Decrypting new/changed files: DONE'
diff --git a/tools/confidence_test.sh b/tools/confidence_test.sh
index 6a093f4..893fd0e 100755
--- a/tools/confidence_test.sh
+++ b/tools/confidence_test.sh
@@ -83,7 +83,7 @@ cat >"$gpgconfig" <<EOF
 Key-Type: default
 Subkey-Type: default
 Name-Real: Alice Example
-Name-Comment: with weak passphrase
+Name-Comment: my password is the lowercase letter a
 Name-Email: alice@example.com
 Expire-Date: 0
 Passphrase: a
@@ -121,7 +121,7 @@ cat >"$gpgconfig" <<EOF
 Key-Type: default
 Subkey-Type: default
 Name-Real: Bob Example
-Name-Comment: with weak passphrase
+Name-Comment: my password is the lowercase letter b
 Name-Email: bob@example.com
 Expire-Date: 0
 Passphrase: b
@@ -208,6 +208,17 @@ assert_file_exists secret.txt
 assert_file_exists secret.txt.gpg
 assert_file_md5hash secret.txt "beb0b0fd5701afb6f891de372abd35ed"
 
+PHASE 'Bob exposes a secret in the repo.'
+echo 'this is my exposed secret' >mistake.txt
+git add mistake.txt
+git commit -m'Oops I am committing a secret to the repo.' mistake.txt
+
+PHASE 'Bob corrects it by registering it.'
+blackbox_register_new_file mistake.txt
+assert_file_missing mistake.txt
+assert_file_exists mistake.txt.gpg
+# NOTE: It is still in the history. That should be corrected someday.
+
 # TODO(tlim): Add test to make sure that now alice can NOT decrypt.
 
 #