The following text describes how to set up an encrypted secrets-file
for transparent editing, so that the file is decrypted on read and
encrypted on write. It uses Vim on Arch Linux.
The actions below are described in more detail at http://vim.wikia.com/wiki/Encryption.
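Install ccrypt:

    pacman -S ccrypt

Create the secrets-file and encrypt it, giving a passphrase when prompted:

    touch secrets.txt && ccrypt -e secrets.txt

Add the following autocommands to your vimrc:

    augroup CPT
      au!
      " Before reading: binary mode, no viminfo and no swap file for *.cpt
      au BufReadPre *.cpt set bin
      au BufReadPre *.cpt set viminfo=
      au BufReadPre *.cpt set noswapfile
      " After reading: ask for the passphrase and decrypt the buffer in place
      au BufReadPost *.cpt let $vimpass = inputsecret("Password: ")
      au BufReadPost *.cpt silent '[,']!ccrypt -cb -E vimpass
      au BufReadPost *.cpt set nobin
      " Before writing: encrypt the buffer with the same passphrase
      au BufWritePre *.cpt set bin
      au BufWritePre *.cpt '[,']!ccrypt -e -E vimpass
      " After writing: undo the encryption so the buffer shows plaintext again
      au BufWritePost *.cpt u
      au BufWritePost *.cpt set nobin
    augroup END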
You can now edit secrets.txt.cpt, and it'll be encrypted/decrypted on-the-fly.
Q: How to remember the passphrase for the secrets-file itself?
A: Think up a number of personal challenges/responses, and construct the name of the secrets-file out of the challenges, or keywords referring to them.
As the original text and the ccrypt(1) manpage suggest, most modern *nix derivatives
don't allow an unprivileged user to see the environment of non-owned processes.
can, however, e.g. through
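
To check on your own system where a passphrase handed over in an environment variable ends up, as the autocommands do with $vimpass and "ccrypt -E vimpass", here is an added example that is not part of the original text. It assumes Linux with /proc; VIMPASS_DEMO, its value and the use of sleep as a stand-in for ccrypt are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page). Linux-only: relies on /proc.
# VIMPASS_DEMO and its value are constructed stand-ins for $vimpass.

# Succeeds if /proc/PID/environ grants nothing to group or others.
environ_private() {
    mode=$(stat -c '%a' "/proc/$1/environ") || return 2
    case "$mode" in ?00) return 0 ;; *) return 1 ;; esac
}

# Succeeds if NAME is in the environment that PID was started with.
env_has_var() {
    tr '\0' '\n' 2>/dev/null < "/proc/$1/environ" | grep -q "^$2="
}

# Start a child the way Vim starts ccrypt (variable inherited from the
# parent) and report whether the child's environ file contains NAME.
child_sees_var() {
    env "$1=constructed-demo-passphrase" sleep 30 &
    pid=$!
    found=1 tries=0
    while [ "$tries" -lt 30 ]; do      # wait until sleep has been exec'd
        if env_has_var "$pid" "$1"; then found=0; break; fi
        tries=$((tries + 1)); sleep 0.1
    done
    kill "$pid" 2>/dev/null; wait "$pid" 2>/dev/null || :
    return "$found"
}

# A variable set after startup (like ":let $vimpass = ...") is not part of
# the setting process's own environ file; succeeds if that holds here.
runtime_var_hidden_in_parent() {
    export "$1=constructed-demo-passphrase"
    if env_has_var "$$" "$1"; then rc=1; else rc=0; fi
    unset "$1"
    return "$rc"
}

# Print yes/no for a check without ever failing the script.
report() { if "$@"; then echo "yes: $*"; else echo "no:  $*"; fi; }

if [ -r "/proc/$$/environ" ]; then
    report environ_private "$$"
    report child_sees_var VIMPASS_DEMO
    report runtime_var_hidden_in_parent VIMPASS_DEMO
fi
```

The passphrase is therefore visible in the environ file of every command launched from that Vim session after the password prompt, not only ccrypt, for as long as each of those processes runs.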