redact_pass.vim (1561B)
1 " 2 " redact_pass.vim: Switch off the 'viminfo', 'backup', 'writebackup', 3 " 'swapfile', and 'undofile' globally when editing a password in pass(1). 4 " 5 " This is to prevent anyone being able to extract passwords from your Vim 6 " cache files in the event of a compromise. 7 " 8 " Author: Tom Ryder <tom@sanctum.geek.nz> 9 " License: Same as Vim itself 10 " 11 if exists('g:loaded_redact_pass') || &compatible 12 finish 13 endif 14 if !has('autocmd') || v:version < 600 15 finish 16 endif 17 let g:loaded_redact_pass = 1 18 19 " Check whether we should set redacting options or not 20 function! s:CheckArgsRedact() 21 22 " Ensure there's one argument and it's the matched file 23 if argc() != 1 || fnamemodify(argv(0), ':p') !=# expand('<afile>:p') 24 return 25 endif 26 27 " Disable all the leaky options globally 28 set nobackup 29 set nowritebackup 30 set noswapfile 31 set viminfo= 32 if has('persistent_undo') 33 set noundofile 34 endif 35 36 " Tell the user what we're doing so they know this worked, via a message and 37 " a global variable they can check 38 redraw 39 echomsg 'Editing password file--disabled leaky options!' 40 let g:redact_pass_redacted = 1 41 42 endfunction 43 44 " Auto function loads only when Vim starts up 45 augroup redact_pass 46 autocmd! 47 autocmd VimEnter 48 \ /dev/shm/pass.?*/?*.txt 49 \,$TMPDIR/pass.?*/?*.txt 50 \,/tmp/pass.?*/?*.txt 51 \ call s:CheckArgsRedact() 52 " Work around macOS' dynamic symlink structure for temporary directories 53 if has('mac') 54 autocmd VimEnter 55 \ /private/var/?*/pass.?*/?*.txt 56 \ call s:CheckArgsRedact() 57 endif 58 augroup END