Cryptographic key erasure
SSUBuilder and HelloBuilder hold a key created with SecretKeySpec. As stated in this documentation : SecreyKeySpec constructor the key given in parameter to the SecretKeySpec constructor is copied into the new object, so this object should be cleaned by a call to destroy when not used anymore. NB IMPORTANT : a test (during the test stage) should be done to make sure that the original key, given in the constructor parameter, is not erased consistently with the java api documentation.
More broadly the arrays containing the shared key (or other secrets) should be overwritten as soon as they are not used anymore.
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information