1 files changed, 41 insertions, 0 deletions

diff --git a/contrib/vim/redact_pass.txt b/contrib/vim/redact_pass.txt
new file mode 100644
index 0000000..86d8a25
--- /dev/null
+++ b/contrib/vim/redact_pass.txt
@@ -0,0 +1,41 @@
+*redact_pass.txt*	For Vim version 6.0	Last change: 2018 June 10
+
+DESCRIPTION					*redact_pass*
+
+This plugin switches off the 'viminfo', 'backup', 'writebackup', 'swapfile',
+and 'undofile' options globally when editing a password in `pass(1)`.
+
+This is to prevent anyone being able to extract passwords from your Vim cache
+files in the event of a compromise.
+
+You should test this after installed to ensure you see this message is printed
+whenever you `pass edit`:
+
+> Editing password file--disabled leaky options!
+
+REQUIREMENTS					*redact_pass-requirements*
+
+This plugin is only available if 'compatible' is not set. It also requires the
+|+autocmd| feature.
+
+IMPLEMENTATION					*redact_pass-implementation*
+
+The options are disabled globally rather than attempting to set them local to
+the buffer only, which was the flawed approach of previous versions. This is
+mostly because of the 'viminfo' option; it's global, and there's no meaningful
+way to exclude information from the sensitive buffer from appearing in it.
+
+Because the typical use case for editing a password file in Vim is that you
+load and change a single short document, and then quit, it's more sensible to
+just turn the relevant options off completely, and makes what the plugin is
+doing more reliable and straightforward to understand.
+
+AUTHOR						*redact_pass-author*
+
+Written and maintained by Tom Ryder <tom@sanctum.geek.nz>.
+
+LICENSE						*redact_pass-license*
+
+Licensed for distribution under the same terms as the pass(1) project.
+
+ vim:tw=78:ts=8:ft=help:norl: