Charlie Harvey

Vim Tip: Edit GPG files transparently

A super quick Vim tip today courtesy of Patrick R. McDonald. I was looking for a nice way to have Vim open up files that I had GPGed. That is how I store passwords and it's a faff and potentially insecure to decrypt, edit and resave. Nicer to have Vim open your GPG file directly. Patrick’s solution, Using GPG with Vi, based on work by Wouter Hanegraaff is just what I needed, using Vim’s autocmd functionality to prompt for passwords and to switch off viminfo and swap file. The caveat is that your kernel may write decrypted data to swap. But then of course you’ve encrypted your swap partition, right?

All that you need to do is paste this code into your .vimrc file (it is in /home/youruser/.vimrc).

    " Transparent editing of GnuPG-encrypted files
    " Written by Patrick R. McDonald at https://www.antagonism.org/privacy/gpg-vi.shtml
    " Based on a solution by Wouter Hanegraaff
    augroup encrypted
      au!

      " First make sure nothing is written to ~/.viminfo while editing
      " an encrypted file.
      autocmd BufReadPre,FileReadPre *.gpg,*.asc set viminfo=
      " We don't want a swap file, as it writes unencrypted data to disk.
      autocmd BufReadPre,FileReadPre *.gpg,*.asc set noswapfile
      " Switch to binary mode to read the encrypted file.
      autocmd BufReadPre,FileReadPre *.gpg set bin
      autocmd BufReadPre,FileReadPre *.gpg,*.asc let ch_save = &ch|set ch=2
      autocmd BufReadPost,FileReadPost *.gpg,*.asc
        \ '[,']!sh -c 'gpg --decrypt 2> /dev/null'
      " Switch to normal mode for editing
      autocmd BufReadPost,FileReadPost *.gpg set nobin
      autocmd BufReadPost,FileReadPost *.gpg,*.asc let &ch = ch_save|unlet ch_save
      autocmd BufReadPost,FileReadPost *.gpg,*.asc
        \ execute ":doautocmd BufReadPost " . expand("%:r")

      " Convert all text to encrypted text before writing
      autocmd BufWritePre,FileWritePre *.gpg set bin
      autocmd BufWritePre,FileWritePre *.gpg
        \ '[,']!sh -c 'gpg --default-recipient-self -e 2>/dev/null'
      autocmd BufWritePre,FileWritePre *.asc
        \ '[,']!sh -c 'gpg --default-recipient-self -e -a 2>/dev/null'
      " Undo the encryption so we are back in the normal text, directly
      " after the file has been written.
      autocmd BufWritePost,FileWritePost *.gpg,*.asc u
    augroup END
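The swap caveat can be checked rather than assumed. This is an added example, not part of the original post or of Patrick R. McDonald's snippet: a shell function that reads /proc/swaps and reports whether each swap device is a dm-crypt mapping. It assumes Linux and that dm-crypt mappings carry a device-mapper UUID beginning with CRYPT-; the function names and verdict strings are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: Linux, the
# /proc/swaps layout, and dm-crypt mappings exposing a device-mapper UUID
# that starts with "CRYPT-" in /sys/class/block/<dm-N>/dm/uuid.

# classify_swap [SWAPS_FILE] [SYSFS_BLOCK_DIR]
# Prints one "<verdict> <device>" line per active swap area.
classify_swap() {
    swaps_file=${1:-/proc/swaps}
    sysfs=${2:-/sys/class/block}
    # The first line of /proc/swaps is a column header.
    tail -n +2 "$swaps_file" | while read -r dev type _rest; do
        [ -n "$dev" ] || continue
        if [ "$type" = "file" ]; then
            # A swap file is only as protected as the volume beneath it.
            echo "check-volume $dev"
            continue
        fi
        # /dev/mapper/<name> is a symlink to /dev/dm-N; resolve it.
        real=$(readlink -f "$dev" 2>/dev/null) || real=$dev
        name=${real##*/}
        case $name in
            zram*)
                # Compressed RAM; stays off disk unless zram writeback is set up.
                echo "ram-backed $dev"
                continue ;;
        esac
        if grep -q '^CRYPT-' "$sysfs/$name/dm/uuid" 2>/dev/null; then
            echo "encrypted $dev"
        else
            echo "NOT-DM-CRYPT $dev"
        fi
    done
}

# has_unverified_swap: succeeds if any swap device is not a dm-crypt mapping.
has_unverified_swap() {
    case "$(classify_swap "$@")" in
        *NOT-DM-CRYPT*) return 0 ;;
        *) return 1 ;;
    esac
}
```

Calling `classify_swap` with no arguments reads the live /proc/swaps. A swap volume stacked on an encrypted one (for example an LVM volume on LUKS) has an `LVM-` UUID and is reported as NOT-DM-CRYPT, so inspect the stack with `lsblk` in that case.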

