From 42481abf5714b506198020c3e13337902d9b1e39 Mon Sep 17 00:00:00 2001
From: Tom Ryder
Date: Wed, 6 Jun 2018 16:45:18 +1200
Subject: Initial commit
---
README.markdown | 22 ++++++++++++++++++++
VERSION | 1 +
doc/redact_pass.txt | 39 ++++++++++++++++++++++++++++++++++++
plugin/redact_pass.vim | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 116 insertions(+)
create mode 100644 README.markdown
create mode 100644 VERSION
create mode 100644 doc/redact_pass.txt
create mode 100644 plugin/redact_pass.vim
diff --git a/README.markdown b/README.markdown
new file mode 100644
index 0000000..8087640
--- /dev/null
+++ b/README.markdown
@@ -0,0 +1,22 @@
+redact\_pass.vim
+================
+
+This plugin switches off the` 'viminfo'`, `'backup'`, `'swapfile'`, and
+`'undofile'` options locally for the buffer when editing passwords in the
+`pass(1)` password manager, or a comparable tool if `g:redact_pass_pattern` is
+set beforehand.
+
+This is to prevent anyone being able to extract passwords from your Vim cache
+files in the event of a compromise.
+
+Test this carefully to make sure it works! If it doesn't, it is probably
+because you need to set `g:redact_pass_pattern` to fit your system's behaviour,
+or the plugin hasn't loaded at all.
+
+License
+-------
+
+Copyright (c) [Tom Ryder][1]. Distributed under the same terms as Vim itself.
+See `:help license`.
+
+[1]: https://sanctum.geek.nz/
diff --git a/VERSION b/VERSION
new file mode 100644
index 0000000..6e8bf73
--- /dev/null
+++ b/VERSION
@@ -0,0 +1 @@
+0.1.0
diff --git a/doc/redact_pass.txt b/doc/redact_pass.txt
new file mode 100644
index 0000000..2676129
--- /dev/null
+++ b/doc/redact_pass.txt
@@ -0,0 +1,39 @@
+*redact_pass.txt* For Vim version 6.0 Last change: 2018 June 6
+
+DESCRIPTION *redact_pass*
+
+This plugin switches off the 'viminfo', 'backup', 'swapfile', and 'undofile'
+options locally for the buffer when editing passwords in the `pass(1)`
+password manager, or a comparable tool if `g:redact_pass_pattern` is set
+beforehand.
+
+This is to prevent anyone being able to extract passwords from your Vim cache
+files in the event of a compromise.
+
+Test this carefully to make sure it works! If it doesn't, it is probably
+because you need to set `g:redact_pass_pattern` to fit your system's
+behaviour, or the plugin hasn't loaded at all.
+
+REQUIREMENTS *redact_pass-requirements*
+
+This plugin is only available if 'compatible' is not set. It also requires the
+|+autocmd| feature.
+
+OPTIONS *redact_pass-options*
+
+There is one options you can set in your |vimrc| before loading the plugin:
+
+ *g:redact_pass_backup*
+Set `g:redact_pass_pattern` to specify the path pattern for which the options
+should be disabled. This defaults to a value based on the source code of
+`pass(1)`.
+
+AUTHOR *redact_pass-author*
+
+Written and maintained by Tom Ryder .
+
+LICENSE *redact_pass-license*
+
+Licensed for distribution under the same terms as Vim itself (see |license|).
+
+ vim:tw=78:ts=8:ft=help:norl:
diff --git a/plugin/redact_pass.vim b/plugin/redact_pass.vim
new file mode 100644
index 0000000..aeb71ae
--- /dev/null
+++ b/plugin/redact_pass.vim
@@ -0,0 +1,54 @@
+"
+" redact_pass.vim: Switch off the 'viminfo', 'backup', 'swapfile', and
+" 'undofile' when editing passwords in the pass(1) password manager, or a
+" comparable tool if g:redact_pass_pattern is set beforehand.
+"
+" This is to prevent anyone being able to extract passwords from your Vim
+" cache files in the event of a compromise.
+"
+" Test this carefully to make sure it works! If it doesn't, it is probably
+" because you need to set g:redact_pass_pattern to fit your system's
+" behaviour, or the plugin hasn't loaded at all.
+"
+" Author: Tom Ryder
+" License: Same as Vim itself
+"
+if exists('g:loaded_redact_pass') || &compatible
+ finish
+endif
+if !has('autocmd')
+ finish
+endif
+let g:loaded_redact_pass = 1
+
+" Set g:redact_pass_pattern to a default based on the pass(1) code, if it
+" hasn't already been set
+if !exists('g:redact_pass_pattern')
+ let g:redact_pass_pattern
+ \ = '/dev/shm/pass.*/*,$TMPDIR/pass.*/*,/tmp/pass.*/*'
+endif
+
+" Function to switch the options off for just the current buffer
+function! s:RedactPass()
+
+ " Unset options
+ setlocal nobackup
+ setlocal noswapfile
+ setlocal viminfo=
+ if has('persistent_undo')
+ setlocal noundofile
+ endif
+
+ " Set a buffer variable to say we were here, for debugging
+ let b:redact_pass_active = 1
+
+endfunction
+
+" Automatic command to use the function based on filename pattern
+let s:command = 'autocmd BufNewFile,BufReadPre '
+ \ . g:redact_pass_pattern
+ \ . ' call s:RedactPass()'
+augroup redact_pass
+ autocmd!
+ execute s:command
+augroup END
-- cgit v1.2.3
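Review bot: `s:RedactPass()` leaves 'writebackup' enabled, so on `:w` Vim can still write a temporary backup copy of the decrypted entry into 'backupdir', which a user's vimrc may point at persistent storage; add `set nowritebackup` beside `setlocal nobackup`. Separately, 'backup' and 'viminfo' are global options, so `setlocal nobackup` and `setlocal viminfo=` change the session-wide values rather than "just the current buffer" as the comment above the function says; reword it to `" Switch off the leaky options; 'backup' and 'viminfo' are global, so those apply to the whole session`. Since a non-matching `g:redact_pass_pattern` fails silently, a visible confirmation such as `echomsg 'redact_pass: leaky options disabled'` next to `let b:redact_pass_active = 1` would let users verify the protection took effect.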