diff --git a/.ci/functional_test.sh b/.ci/functional_test.sh
index 17e469331..dcf7c7a67 100755
--- a/.ci/functional_test.sh
+++ b/.ci/functional_test.sh
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-set -x
+set -e
 
 sudo apt-get update
 sudo apt-get install -y -q postgresql \
@@ -27,16 +27,18 @@ echo "Printing SSL debug info"
 openssl s_client -connect $(hostname):8800 -servername $(hostname) -showcerts -prexit
 
 echo "Removing package"
-sudo apt-get remove firezone
+output=$(sudo apt-get remove --purge firezone)
 
-echo "Checking if directory was removed"
-if [ -d /opt/firezone ]; then
-  echo "Package removal issue"
+echo "Checking if config file was removed"
+if [ -e /opt/firezone/config.env ]; then
+  echo "Config removal issue"
   exit 1
 fi
 
-echo "Checking if database was dropped"
-if $(sudo su postgres -c "psql -lqt | cut -d \| -f 1 | grep -qw firezone"); then
-  echo "Database still exists"
+echo "Checking if instructions were printed on how to remove database and secrets"
+if echo "$output" | grep 'Refusing to purge /etc/firezone/secret and drop database.'; then
+  echo "Instructions printed"
+else
+  echo "Instructions not printed!"
   exit 1
 fi
diff --git a/pkg/debian_shared/DEBIAN/postrm b/pkg/debian_shared/DEBIAN/postrm
index cbdfe886c..12de57c47 100755
--- a/pkg/debian_shared/DEBIAN/postrm
+++ b/pkg/debian_shared/DEBIAN/postrm
@@ -4,3 +4,10 @@ set -e
 # Remove created user
 echo "Removing firezone user"
 userdel -Zrf firezone
+
+if [ "$1" = purge ]; then
+  echo "Refusing to purge /etc/firezone/secret and drop database. This must be done manually."
+  echo "If you really want to do this, run the following as root:"
+  echo "  su postgres -c 'psql -c \"DROP DATABASE firezone;\"'"
+  echo "  rm -rf /etc/firezone/secret"
+fi