diff options
author | Tom Ryder <tom@sanctum.geek.nz> | 2018-06-06 16:45:18 +1200 |
---|---|---|
committer | Tom Ryder <tom@sanctum.geek.nz> | 2018-06-06 16:45:18 +1200 |
commit | 42481abf5714b506198020c3e13337902d9b1e39 (patch) | |
tree | 1ef9611caafd8e4e3b31c1a8da8028e55fdc9ca9 | |
download | vim-redact-pass-42481abf5714b506198020c3e13337902d9b1e39.tar.gz vim-redact-pass-42481abf5714b506198020c3e13337902d9b1e39.zip |
Initial commit
-rw-r--r-- | README.markdown | 22 | ||||
-rw-r--r-- | VERSION | 1 | ||||
-rw-r--r-- | doc/redact_pass.txt | 39 | ||||
-rw-r--r-- | plugin/redact_pass.vim | 54 |
4 files changed, 116 insertions, 0 deletions
diff --git a/README.markdown b/README.markdown new file mode 100644 index 0000000..8087640 --- /dev/null +++ b/README.markdown @@ -0,0 +1,22 @@ +redact\_pass.vim +================ + +This plugin switches off the` 'viminfo'`, `'backup'`, `'swapfile'`, and +`'undofile'` options locally for the buffer when editing passwords in the +`pass(1)` password manager, or a comparable tool if `g:redact_pass_pattern` is +set beforehand. + +This is to prevent anyone being able to extract passwords from your Vim cache +files in the event of a compromise. + +Test this carefully to make sure it works! If it doesn't, it is probably +because you need to set `g:redact_pass_pattern` to fit your system's behaviour, +or the plugin hasn't loaded at all. + +License +------- + +Copyright (c) [Tom Ryder][1]. Distributed under the same terms as Vim itself. +See `:help license`. + +[1]: https://sanctum.geek.nz/ @@ -0,0 +1 @@ +0.1.0 diff --git a/doc/redact_pass.txt b/doc/redact_pass.txt new file mode 100644 index 0000000..2676129 --- /dev/null +++ b/doc/redact_pass.txt @@ -0,0 +1,39 @@ +*redact_pass.txt* For Vim version 6.0 Last change: 2018 June 6 + +DESCRIPTION *redact_pass* + +This plugin switches off the 'viminfo', 'backup', 'swapfile', and 'undofile' +options locally for the buffer when editing passwords in the `pass(1)` +password manager, or a comparable tool if `g:redact_pass_pattern` is set +beforehand. + +This is to prevent anyone being able to extract passwords from your Vim cache +files in the event of a compromise. + +Test this carefully to make sure it works! If it doesn't, it is probably +because you need to set `g:redact_pass_pattern` to fit your system's +behaviour, or the plugin hasn't loaded at all. + +REQUIREMENTS *redact_pass-requirements* + +This plugin is only available if 'compatible' is not set. It also requires the +|+autocmd| feature. + +OPTIONS *redact_pass-options* + +There is one options you can set in your |vimrc| before loading the plugin: + + *g:redact_pass_backup* +Set `g:redact_pass_pattern` to specify the path pattern for which the options +should be disabled. This defaults to a value based on the source code of +`pass(1)`. + +AUTHOR *redact_pass-author* + +Written and maintained by Tom Ryder <tom@sanctum.geek.nz>. + +LICENSE *redact_pass-license* + +Licensed for distribution under the same terms as Vim itself (see |license|). + + vim:tw=78:ts=8:ft=help:norl: diff --git a/plugin/redact_pass.vim b/plugin/redact_pass.vim new file mode 100644 index 0000000..aeb71ae --- /dev/null +++ b/plugin/redact_pass.vim @@ -0,0 +1,54 @@ +" +" redact_pass.vim: Switch off the 'viminfo', 'backup', 'swapfile', and +" 'undofile' when editing passwords in the pass(1) password manager, or a +" comparable tool if g:redact_pass_pattern is set beforehand. +" +" This is to prevent anyone being able to extract passwords from your Vim +" cache files in the event of a compromise. +" +" Test this carefully to make sure it works! If it doesn't, it is probably +" because you need to set g:redact_pass_pattern to fit your system's +" behaviour, or the plugin hasn't loaded at all. +" +" Author: Tom Ryder <tom@sanctum.geek.nz> +" License: Same as Vim itself +" +if exists('g:loaded_redact_pass') || &compatible + finish +endif +if !has('autocmd') + finish +endif +let g:loaded_redact_pass = 1 + +" Set g:redact_pass_pattern to a default based on the pass(1) code, if it +" hasn't already been set +if !exists('g:redact_pass_pattern') + let g:redact_pass_pattern + \ = '/dev/shm/pass.*/*,$TMPDIR/pass.*/*,/tmp/pass.*/*' +endif + +" Function to switch the options off for just the current buffer +function! s:RedactPass() + + " Unset options + setlocal nobackup + setlocal noswapfile + setlocal viminfo= + if has('persistent_undo') + setlocal noundofile + endif + + " Set a buffer variable to say we were here, for debugging + let b:redact_pass_active = 1 + +endfunction + +" Automatic command to use the function based on filename pattern +let s:command = 'autocmd BufNewFile,BufReadPre ' + \ . g:redact_pass_pattern + \ . ' call s:RedactPass()' +augroup redact_pass + autocmd! + execute s:command +augroup END |