aboutsummaryrefslogtreecommitdiff
path: root/doc/redact_pass.txt
blob: 03e30f573b950120065e72ee8ef5c2d9dc80e6b7 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
*redact_pass.txt*	For Vim version 6.0	Last change: 2018 June 24

DESCRIPTION					*redact_pass*

This plugin switches off the 'viminfo', 'backup', 'writebackup', 'swapfile',
and 'undofile' options globally when editing a password in `pass(1)`.

This is to prevent anyone being able to extract passwords from your Vim cache
files in the event of a compromise.

You should test this after installation to ensure you see this message is
printed whenever you `pass edit`:

> Editing password file--disabled leaky options!

REQUIREMENTS					*redact_pass-requirements*

This plugin is only available if 'compatible' is not set.  It also requires
the |+autocmd| feature.

IMPLEMENTATION					*redact_pass-implementation*

The options are disabled globally rather than attempting to set them local to
the buffer only, which was the flawed approach of previous versions.  This is
mostly because of the 'viminfo' option; it's global, and there's no meaningful
way to exclude information from the sensitive buffer from appearing in it.

Because the typical use case for editing a password file in Vim is that you
load and change a single short document, and then quit, it's more sensible to
just turn the relevant options off completely, and makes what the plugin is
doing more reliable and straightforward to understand.

AUTHOR						*redact_pass-author*

Written and maintained by Tom Ryder <tom@sanctum.geek.nz>.

LICENSE						*redact_pass-license*

Licensed for distribution under the same terms as Vim itself (see |license|).

 vim:tw=78:ts=8:ft=help:norl: