vim: pass plugin

1 files changed, 51 insertions, 0 deletions

diff --git a/.vim/ftdetect/redact_pass.vim b/.vim/ftdetect/redact_pass.vim
new file mode 100644
index 0000000..a3d67e8
--- /dev/null
+++ b/.vim/ftdetect/redact_pass.vim
@@ -0,0 +1,51 @@
+"
+" redact_pass.vim: Switch off the 'viminfo', 'backup', 'writebackup',
+" 'swapfile', and 'undofile' globally when editing a password in pass(1).
+"
+" This is to prevent anyone being able to extract passwords from your Vim
+" cache files in the event of a compromise.
+"
+" Author: Tom Ryder <tom@sanctum.geek.nz>
+" License: Same as Vim itself
+"
+if exists('g:loaded_redact_pass') || &compatible
+  finish
+endif
+if !has('autocmd') || v:version < 600
+  finish
+endif
+let g:loaded_redact_pass = 1
+
+" Check whether we should set redacting options or not
+function! s:CheckArgsRedact()
+
+  " Ensure there's one argument and it's the matched file
+  if argc() != 1 || fnamemodify(argv(0), ':p') !=# expand('<afile>:p')
+    return
+  endif
+
+  " Disable all the leaky options globally
+  set nobackup
+  set nowritebackup
+  set noswapfile
+  set viminfo=
+  if has('persistent_undo')
+    set noundofile
+  endif
+
+  " Tell the user what we're doing so they know this worked, via a message and
+  " a global variable they can check
+  echomsg 'Editing password file--disabled leaky options!'
+  let g:redact_pass_redacted = 1
+
+endfunction
+
+" Auto function loads only when Vim starts up
+augroup redact_pass
+  autocmd!
+  autocmd VimEnter
+        \ /dev/shm/pass.?*/?*.txt
+        \,$TMPDIR/pass.?*/?*.txt
+        \,/tmp/pass.?*/?*.txt
+        \ call s:CheckArgsRedact()
+augroup END