Call vcs_ignore bwfore the file is shredded

bin/blackbox_register_new_file

@@ -29,6 +29,7 @@ function register_new_file() {
   prepare_keychain
   encrypt_file "$unencrypted_file" "$encrypted_file"
   add_filename_to_cryptlist "$unencrypted_file"
+  vcs_ignore "$unencrypted_file"
 
   # Is the unencrypted file already in HG? (ie. are we correcting a bad situation)
   SECRETSEXPOSED=$(is_in_vcs "${unencrypted_file}")
@@ -41,7 +42,6 @@ function register_new_file() {
     vcs_add "$encrypted_file"
   fi
 
-  vcs_ignore "$unencrypted_file"
   echo 'NOTE: "already tracked!" messages are safe to ignore.'
   vcs_add "$BB_FILES" "$encrypted_file"
   vcs_commit "registered in blackbox: ${unencrypted_file}" "$BB_FILES" "$encrypted_file" "$(vcs_ignore_file_path)"

tools/confidence_test.sh

@@ -161,7 +161,7 @@ assert_file_missing secret.txt
 assert_file_exists secret.txt.gpg
 assert_line_exists '/secret.txt' .gitignore
 
-PHASE 'She cats secrets.txt.gpg'
+PHASE 'She cats secrets.txt.gpg.'
 make_self_deleting_tempfile catsecret
 blackbox_cat secret.txt.gpg > $catsecret
 assert_line_exists 'this is my secret' $catsecret