diff --git a/Makefile b/Makefile
index 61ac92dd..8dae5d41 100644
--- a/Makefile
+++ b/Makefile
@@ -17,10 +17,8 @@ copy-binary-from-image: guard-SEMVER
 upload-binaries-to-s3: guard-S3_PATH
 	aws s3 cp ./bin ${S3_PATH}/ --recursive
 
-.PHONY: docker-image-all
-docker-image-all: git-submodule-setup
-	make docker-image
-	make docker-image-malicious
+.PHONY: all
+all: git-submodule-setup docker-image docker-image-malicious
 
 .PHONY: git-submodule-setup
 git-submodule-setup:
@@ -28,4 +26,4 @@ git-submodule-setup:
 	git submodule update
 
 guard-%:
-	@ if [ -z '${${*}}' ]; then echo 'Environment variable $* not set' && exit 1; fi
\ No newline at end of file
+	@ if [ -z '${${*}}' ]; then echo 'Environment variable $* not set' && exit 1; fi
diff --git a/entrypoint.sh b/entrypoint.sh
index 7fe54379..76166a02 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -15,10 +15,37 @@ create_mnemonic() {
         return $ERR
     fi
 
-    (echo ${PASSWORD} | tofnd ${ARGS} -m create) && echo "... ok" && return $OK
+    (echo "${PASSWORD}" | tofnd "${ARGS[@]}" -m create) && echo "... ok" && return $OK
     return $ERR
 }
 
+rotate_mnemonic() {
+  if [ -a "$ROTATE_PATH" ]; then
+    echo "File found at $ROTATE_PATH. Attempting to rotate mnemonic"
+
+    if [ -a "$IMPORT_PATH" ]; then
+      timestamp=$(date +%Y-%m-%d-%m)
+      backup_path="$IMPORT_PATH-$timestamp.bak"
+      mv "$IMPORT_PATH" "$backup_path"
+      echo "Warning: Previous import file found. Delete $backup_path file after backing up."
+    fi
+
+    if [ -n "${NOPASSWORD}" ]; then \
+        echo "Rotating without password"
+        (tofnd "${ARGS[@]}" -m rotate) || return $ERR
+    else
+        echo "Rotating with password"
+        (echo "$PASSWORD" | tofnd "${ARGS[@]}" -m rotate) || return $ERR
+    fi
+    printf "\n\n"
+    mv "$EXPORT_PATH" "$IMPORT_PATH"
+    rm "$ROTATE_PATH"
+  else
+    echo "Mnemonic rotation skipped. No file found at $ROTATE_PATH"
+  fi
+  return $OK
+}
+
 # import: import a mnemonic from $IMPORT_PATH
 import_mnemonic() {
     echo "Importing mnemonic ..."
@@ -35,10 +62,10 @@ import_mnemonic() {
 
     if [ -n "${NOPASSWORD}" ]; then \
         echo "No password"
-        (cat $IMPORT_PATH | tofnd ${ARGS} -m import) || return $ERR
+        (tofnd "${ARGS[@]}" -m import < "$IMPORT_PATH") || return $ERR
     else
         echo "With password"
-        ((echo $PASSWORD && cat $IMPORT_PATH) | tofnd ${ARGS} -m import) || return $ERR
+        ( (echo "$PASSWORD" && cat "$IMPORT_PATH") | tofnd "${ARGS[@]}" -m import) || return $ERR
     fi
 
     echo "... ok"
@@ -48,7 +75,7 @@ import_mnemonic() {
 # export: export the mnemonic to $EXPORT_PATH
 export_mnemonic() {
     echo "Exporting mnemonic ..."
-    echo ${PASSWORD} | tofnd ${ARGS} -m export || return $ERR
+    echo "${PASSWORD}" | tofnd "${ARGS[@]}" -m export || return $ERR
     echo "... ok"
     return $OK
 }
@@ -61,19 +88,24 @@ PASSWORD="${PASSWORD:-$EMPTY_STRING}"
 TOFND_HOME=${TOFND_HOME:-"./.tofnd"}
 IMPORT_PATH=$TOFND_HOME/import
 EXPORT_PATH=$TOFND_HOME/export
+ROTATE_PATH=$TOFND_HOME/rotate
 
-echo "Using tofnd root:" $TOFND_HOME
+echo "Using tofnd root:" "$TOFND_HOME"
 
 # gather user's args
 
+ARGS=()
 # add '--no-password' and '--unsafe' flags to args if enabled
-ARGS=${NOPASSWORD:+"--no-password"}
+if [ -n "$NOPASSWORD" ]; then ARGS+=("--no-password"); fi
+
 # add '--unsafe' flag to args if enabled
-ARGS+=${UNSAFE:+" --unsafe"}
-# add '--address' flag to args if enabled
-ARGS+=${ADDRESS:+" --address ${ADDRESS}"}
-# add '--port' flag to args if enabled
-ARGS+=${PORT:+" --port ${PORT}"}
+if [ -n "$UNSAFE" ]; then ARGS+=("--unsafe"); fi
+
+# # add '--address' flag to args if enabled
+if [ -n "$ADDRESS" ]; then ARGS+=("--address" "$ADDRESS"); fi
+
+# # add '--port' flag to args if enabled
+if [ -n "$PORT" ]; then ARGS+=("--port" "$PORT"); fi
 
 # check mnemonic arg
 if [ -n "${MNEMONIC_CMD}" ]; then \
@@ -83,11 +115,10 @@ if [ -n "${MNEMONIC_CMD}" ]; then \
         # Order of set up: 1) import mnemonic, 2) create mnemonic.
         # If 2) then move the mnemonic to $IMPORT_PATH so that tofnd will not complain
         auto)
-            echo "Trying import" && import_mnemonic \
-            || (echo "... skipping. Trying to create" && create_mnemonic && mv $EXPORT_PATH $IMPORT_PATH) \
-            || echo "... skipping"
+            echo "Trying to import mnemonic" && import_mnemonic \
+            || (echo "Unable to import mnemonic. Trying to create mnemonic" && create_mnemonic && mv "$EXPORT_PATH" "$IMPORT_PATH") \
+            || rotate_mnemonic && echo "Proceeding without creating or importing mnemonic. Using existing mnemonic"
             ;;
-
         existing)
             ;;
 
@@ -111,11 +142,9 @@ if [ -n "${MNEMONIC_CMD}" ]; then \
             exit $ERR
             ;;
     esac
-
-    echo "Using existing mnemonic ..."
-    ARGS+=" -m existing"
+    ARGS+=("-m" "existing")
 fi
 
 # execute tofnd daemon
-exec echo ${PASSWORD} | tofnd ${ARGS} "$@"; \
+exec echo "${PASSWORD}" | tofnd "${ARGS[@]}" "$@"; \