" " redact_pass.vim: Switch off the 'viminfo', 'backup', 'writebackup', " 'swapfile', and 'undofile' globally when editing a password in pass(1). " " This is to prevent anyone being able to extract passwords from your Vim " cache files in the event of a compromise. " " Author: Tom Ryder " License: Same as Vim itself " if exists('g:loaded_redact_pass') || &compatible finish endif if !has('autocmd') finish endif let g:loaded_redact_pass = 1 " Pattern to match for the portion of the path after the temporary dir, " starting with the leading slash let s:pattern = '\m\C/pass\.[^/]\+/[^/]\+\.txt$' " Check whether the given dir name is not an empty string, whether the first " file in the argument list is within the named dir, and that the whole path " matches the above pattern immediately after that dir name function! s:PassPath(root) return strlen(a:root) \ && stridx(argv(0), a:root) == 0 \ && strlen(a:root) == match(argv(0), s:pattern) endfunction " Check whether we should set redacting options or not function! s:CheckArgsRedact() " Short-circuit unless we're editing just one file and it looks like a path " in one of the three expected directories; we're trying hard to make sure " this really is a password file and we're not messing with the user's " precious settings unnecessarily if argc() != 1 \ || !s:PassPath('/dev/shm') \ && !s:PassPath($TMPDIR) \ && !s:PassPath('/tmp') return endif " Disable all the leaky options globally set nobackup set nowritebackup set noswapfile set viminfo= if has('persistent_undo') set noundofile endif " Tell the user what we're doing so they know this worked, via a message and " a global variable they can check echomsg 'Editing password file--disabled leaky options!' let g:redact_pass_redacted = 1 endfunction " Auto function loads only when Vim starts up augroup redact_pass autocmd! autocmd VimEnter * call s:CheckArgsRedact() augroup END