aboutsummaryrefslogtreecommitdiff
path: root/plugin/redact_pass.vim
diff options
context:
space:
mode:
Diffstat (limited to 'plugin/redact_pass.vim')
-rw-r--r--plugin/redact_pass.vim54
1 files changed, 54 insertions, 0 deletions
diff --git a/plugin/redact_pass.vim b/plugin/redact_pass.vim
new file mode 100644
index 0000000..aeb71ae
--- /dev/null
+++ b/plugin/redact_pass.vim
@@ -0,0 +1,54 @@
+"
+" redact_pass.vim: Switch off the 'viminfo', 'backup', 'swapfile', and
+" 'undofile' when editing passwords in the pass(1) password manager, or a
+" comparable tool if g:redact_pass_pattern is set beforehand.
+"
+" This is to prevent anyone being able to extract passwords from your Vim
+" cache files in the event of a compromise.
+"
+" Test this carefully to make sure it works! If it doesn't, it is probably
+" because you need to set g:redact_pass_pattern to fit your system's
+" behaviour, or the plugin hasn't loaded at all.
+"
+" Author: Tom Ryder <tom@sanctum.geek.nz>
+" License: Same as Vim itself
+"
+if exists('g:loaded_redact_pass') || &compatible
+ finish
+endif
+if !has('autocmd')
+ finish
+endif
+let g:loaded_redact_pass = 1
+
+" Set g:redact_pass_pattern to a default based on the pass(1) code, if it
+" hasn't already been set
+if !exists('g:redact_pass_pattern')
+ let g:redact_pass_pattern
+ \ = '/dev/shm/pass.*/*,$TMPDIR/pass.*/*,/tmp/pass.*/*'
+endif
+
+" Function to switch the options off for just the current buffer
+function! s:RedactPass()
+
+ " Unset options
+ setlocal nobackup
+ setlocal noswapfile
+ setlocal viminfo=
+ if has('persistent_undo')
+ setlocal noundofile
+ endif
+
+ " Set a buffer variable to say we were here, for debugging
+ let b:redact_pass_active = 1
+
+endfunction
+
+" Automatic command to use the function based on filename pattern
+let s:command = 'autocmd BufNewFile,BufReadPre '
+ \ . g:redact_pass_pattern
+ \ . ' call s:RedactPass()'
+augroup redact_pass
+ autocmd!
+ execute s:command
+augroup END