13

I am interested in using vim to edit a "secure" file, one that is stored encrypted elsewhere (say, somewhere in the cloud), and should not be written as plaintext to the local disk. So the sequence of events might be (with a separate wrapper script or something for non-vim steps 1, 2, and 5):

  1. Retrieve encrypted file from the cloud
  2. Decrypt the file, and launch vim while passing the plaintext to vim for editing (perhaps over a new file descriptor?)
  3. Edit with vim interactively
  4. When the file is written using :w, write the result (again, through a file descriptor?)
  5. Encrypt the new plaintext and store back in the cloud

Now, I understand that the usual way to do this sort of thing is to decrypt, write a temporary file, edit the temporary file in vim, read the temporary file, encrypt, wipe/delete the temp file. What I'm looking for is a way to avoid using a temporary file at all. (Also, everything in The simplest way to start Vim in private mode would be set.)

Another way to approach this might be to use something like netrw, which I'm not terribly familiar with.

For the purposes of this question, I'm not concerned about the OS swap data (but if there's a vim way to mark its internal data buffers as non-swappable, that would be interesting).

Is there a way to do the above, or better yet, has somebody else already solved this?

Improve this question
3
  • I guess one solution would be to mount your remote filesystem on your machine (something like sshfs for example) this way you can navigate to your file, decrypt it, edit it and save it directly on the remote fs. Vim also allows remote editing maybe you'll find something interesting in this wikia tip. Commented Aug 11, 2017 at 8:08
  • Does step 2 imply an interactive process? Do you need to write a password? Commented Sep 26, 2017 at 22:44
  • @ЯрославРахматуллин: Either way, some ideas I have for this require a password and some do not. Commented Sep 26, 2017 at 23:54

2 Answers 2

Reset to default
2

There are some things hidden in the vim docs that can help you.

  1. read ! your shell command: read the output of "your shell command" into the current buffer (a tempfile is used to read the data!)
  2. let data = system('your shell command'): read data into a vim variable (I did not find any reference to tempfiles in the docs on this). Modern vim and neovim also have asynchronus variants of this.
  3. set buftype=acwrite: tell vim that the buffer should only be saved with an autocommand
  4. autocmd BufWriteCmd <buffer> your-vim-command: write the contents of the current buffer by executing :your-vim-command. This autocommand is triggered when you :write the file in question.

In addition to the topics from the list above sou should also read about vim's use of tempfiles (help tempfile) to decide if they are save enough for you.

There is a plugin to edit gpg encryped files that might implement some of the features you want (do you want to use gpg encryped files?). Otherwise the code could maybe be inspirational for you to write your own stuff: https://github.com/jamessan/vim-gnupg (I know they don't have a readme and such but the plugin is good and actively maintained).

Improve this answer
1

Assuming you have commands decrypt and encrypt that use stdout and stdin:

# open vim using stdin decrypt secret.msg | vim -

Then after you edit the file in vim:

:w !encrypt secret2.msg

That is equivalent to sending the vim buffer to the pipe | encrypt secret2.msg

I think that should avoid creating temporary files, assuming you have set all the private vim options.

Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.