diff --git a/attestation/commandrun/commandrun.go b/attestation/commandrun/commandrun.go
index 2495501f..e04767e7 100644
--- a/attestation/commandrun/commandrun.go
+++ b/attestation/commandrun/commandrun.go
@@ -80,15 +80,8 @@ func WithSilent(silent bool) Option {
 }
 }
-func WithEnvironmentBlockList(blockList map[string]struct{}) Option {
- return func(cr *CommandRun) {
- cr.sensitiveEnvList = blockList
- }
- }
-
 func New(opts ...Option) *CommandRun {
 cr := &CommandRun{
- sensitiveEnvList: environment.DefaultSensitiveEnvList(),
 }
 for _, opt := range opts {
@@ -121,7 +114,6 @@ type CommandRun struct {
 silent bool
 materials map[string]cryptoutil.DigestSet
 enableTracing bool
- sensitiveEnvList map[string]struct{}
 }
 func (a *CommandRun) Schema() *jsonschema.Schema {
diff --git a/attestation/commandrun/tracing_linux.go b/attestation/commandrun/tracing_linux.go
index 34c21b85..d214b35d 100644
--- a/attestation/commandrun/tracing_linux.go
+++ b/attestation/commandrun/tracing_linux.go
@@ -42,7 +42,7 @@ type ptraceContext struct {
 processes map[int]*ProcessInfo
 exitCode int
 hash []cryptoutil.DigestValue
- sensitiveEnvList map[string]struct{}
+ environmentCapturer *environment.Capture
 }
 func enableTracing(c *exec.Cmd) {
@@ -57,7 +57,7 @@ func (r *CommandRun) trace(c *exec.Cmd, actx *attestation.AttestationContext) ([
 mainProgram: c.Path,
 processes: make(map[int]*ProcessInfo),
 hash: actx.Hashes(),
- sensitiveEnvList: r.sensitiveEnvList,
+ environmentCapturer: actx.EnvironmentCapturer(),
 }
 if err := pctx.runTrace(); err != nil {
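Review bot: Dropping the exported `WithEnvironmentBlockList` option in the first hunk of commandrun.go is a breaking change for any caller that configured the sensitive-variable block list per CommandRun, and neither that hunk nor the `New` hunk leaves a replacement or a migration note. The fourth hunk shows the traced-process filter is now taken from `actx.EnvironmentCapturer()`, so the policy is evidently meant to live on the attestation context; that should be stated where callers will look for it, e.g. a doc comment on `New` such as `// New returns a CommandRun. Filtering of sensitive environment variables in traced processes is governed by the AttestationContext's environment capturer, not by a per-attestor option.` `New`'s body continues outside the hunk.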
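Review bot: `environmentCapturer: actx.EnvironmentCapturer()` in the `trace` hunk of tracing_linux.go is stored without a nil check, and the final hunk calls `p.environmentCapturer.Capture(allVars)` from inside the ptrace syscall handler, so an attestation context built without a capturer would panic in the middle of a trace instead of failing at setup — this presumes `EnvironmentCapturer()` can return nil when unset, which the diff does not show; confirm. If it can, reject it before tracing starts, right after the `pctx` literal: `if pctx.environmentCapturer == nil { return nil, errors.New("commandrun: attestation context has no environment capturer") }` (adjust the zero return to `trace`'s actual result list, which the hunk header cuts off). The field also deserves a comment, `// environmentCapturer applies the context's sensitive-variable filter to each traced process's environ before it is recorded; must be non-nil when tracing is enabled.` `trace`'s body continues outside the hunk.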
@@ -200,10 +200,7 @@ func (p *ptraceContext) handleSyscall(pid int, regs unix.PtraceRegs) error {
 environ, err := os.ReadFile(envinLocation)
 if err == nil {
 allVars := strings.Split(string(environ), "\x00")
- filteredEnviron := make([]string, 0)
- environment.FilterEnvironmentArray(allVars, p.sensitiveEnvList, map[string]struct{}{}, func(_, _, varStr string) {
- filteredEnviron = append(filteredEnviron, varStr)
- })
+ filteredEnviron := p.environmentCapturer.Capture(allVars)
 procInfo.Environ = strings.Join(filteredEnviron, " ")
 }