diff options
Diffstat (limited to 'contrib/vim/redact_pass.txt')
-rw-r--r-- | contrib/vim/redact_pass.txt | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/contrib/vim/redact_pass.txt b/contrib/vim/redact_pass.txt new file mode 100644 index 0000000..86d8a25 --- /dev/null +++ b/contrib/vim/redact_pass.txt @@ -0,0 +1,41 @@ +*redact_pass.txt* For Vim version 6.0 Last change: 2018 June 10 + +DESCRIPTION *redact_pass* + +This plugin switches off the 'viminfo', 'backup', 'writebackup', 'swapfile', +and 'undofile' options globally when editing a password in `pass(1)`. + +This is to prevent anyone being able to extract passwords from your Vim cache +files in the event of a compromise. + +You should test this after installed to ensure you see this message is printed +whenever you `pass edit`: + +> Editing password file--disabled leaky options! + +REQUIREMENTS *redact_pass-requirements* + +This plugin is only available if 'compatible' is not set. It also requires the +|+autocmd| feature. + +IMPLEMENTATION *redact_pass-implementation* + +The options are disabled globally rather than attempting to set them local to +the buffer only, which was the flawed approach of previous versions. This is +mostly because of the 'viminfo' option; it's global, and there's no meaningful +way to exclude information from the sensitive buffer from appearing in it. + +Because the typical use case for editing a password file in Vim is that you +load and change a single short document, and then quit, it's more sensible to +just turn the relevant options off completely, and makes what the plugin is +doing more reliable and straightforward to understand. + +AUTHOR *redact_pass-author* + +Written and maintained by Tom Ryder <tom@sanctum.geek.nz>. + +LICENSE *redact_pass-license* + +Licensed for distribution under the same terms as the pass(1) project. + + vim:tw=78:ts=8:ft=help:norl: |