|author||Tom Ryder <firstname.lastname@example.org>||2018-06-10 00:24:34 +1200|
|committer||Tom Ryder <email@example.com>||2018-06-10 00:24:47 +1200|
|parent||Disable 'writebackup' too (diff)|
Completely refactor for version 1.0.0 (v1.0.0)
Turn off leaky options globally just after startup if we have only one file to edit and it matches the typical pass(1) path.
Diffstat (limited to 'doc')
1 files changed, 16 insertions, 14 deletions
diff --git a/doc/redact_pass.txt b/doc/redact_pass.txt
index 2676129..87df5ec 100644
@@ -1,32 +1,34 @@
-*redact_pass.txt* For Vim version 6.0 Last change: 2018 June 6
+*redact_pass.txt* For Vim version 6.0 Last change: 2018 June 10
-This plugin switches off the 'viminfo', 'backup', 'swapfile', and 'undofile'
-options locally for the buffer when editing passwords in the `pass(1)`
-password manager, or a comparable tool if `g:redact_pass_pattern` is set
+This plugin switches off the 'viminfo', 'backup', 'writebackup', 'swapfile',
+and 'undofile' options globally when editing a password in `pass(1)`.
This is to prevent anyone being able to extract passwords from your Vim cache
files in the event of a compromise.
-Test this carefully to make sure it works! If it doesn't, it is probably
-because you need to set `g:redact_pass_pattern` to fit your system's
-behaviour, or the plugin hasn't loaded at all.
+You should test this after installed to ensure you see this message is printed
+whenever you `pass edit`:
+> Editing password file--disabled leaky options!
This plugin is only available if 'compatible' is not set. It also requires the
-There is one options you can set in your |vimrc| before loading the plugin:
+The options are disabled globally rather than attempting to set them local to
+the buffer only, which was the flawed approach of previous versions. This is
+mostly because of the 'viminfo' option; it's global, and there's no meaningful
+way to exclude information from the sensitive buffer from appearing in it.
-Set `g:redact_pass_pattern` to specify the path pattern for which the options
-should be disabled. This defaults to a value based on the source code of
+Because the typical use case for editing a password file in Vim is that you
+load and change a single short document, and then quit, it's more sensible to
+just turn the relevant options off completely, and makes what the plugin is
+doing more reliable and straightforward to understand.
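Review bot: The added paragraph beginning "You should test this after installed" is ungrammatical, and it drops the troubleshooting guidance the removed lines carried. Suggest "You should test this after installation to ensure this message is printed whenever you `pass edit`", followed by a sentence on what to check when the message does not appear. Because `g:redact_pass_pattern` is removed from the documentation, the help text should also state the conditions under which the options are disabled (the commit message gives them as a single file to edit that matches the typical pass(1) path). A user whose setup does not meet those conditions gets no protection and cannot tell why from this file alone. One more sentence noting that the global setting also applies to any other buffer opened in the same Vim session would complete the rationale in the last two added paragraphs.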