pass edit leaking secrets

Patrik Keller patrik.keller at uibk.ac.at
Wed Jul 21 11:54:30 UTC 2021


Dear all,

it's probably no news for you, but running `pass edit secret` might leak 
information to persistent storage if `$EDITOR` is not configured 
properly. I got hit by this after switching from vim to neovim. The 
latter defaults to storing swap, undo, and backup files in the user's 
home directory [0].

My personal thoughts on this are:
1. Neovim should not have changed the default.
2. `pass edit` should warn about the potential leakage.
3. I want to set the password editor independent of `$EDITOR`.

I could imagine the following workflow for `pass edit`:
1. Prefer `$PASS_EDITOR` over `$EDITOR` over `vi`.
2. If `$PASS_EDITOR` is not set, print a warning about the potential 
leakage and ask for confirmation.
3. Proceed as before.

Do you know a better solution? Maybe one that works w/o changing pass?

Best
Patrik

0: https://github.com/neovim/neovim/issues/4481
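
The workflow proposed in the message above, sketched as a shell wrapper that leaves pass itself unchanged. This is an added example, not part of the original post and not code from pass. `PASS_EDITOR` is the variable the post proposes, and the function names (`resolve_pass_editor`, `needs_leak_warning`, `confirm_leak_risk`, `pass_safe`) are hypothetical.

```bash
# Added example: wrapper implementing the editor precedence proposed in the post.
# PASS_EDITOR is the post's proposed variable; the wrapper maps it onto EDITOR
# for the duration of the `pass edit` call only.

# Print the editor command to use: $PASS_EDITOR, else $EDITOR, else vi.
resolve_pass_editor() {
    printf '%s\n' "${PASS_EDITOR:-${EDITOR:-vi}}"
}

# Return 0 when no dedicated password editor is configured (warning needed).
needs_leak_warning() {
    [ -z "${PASS_EDITOR:-}" ]
}

# Warn on stderr and read the answer from stdin; succeed only on "y" or "Y".
# End of input or any other answer counts as "no".
confirm_leak_risk() {
    printf 'Warning: PASS_EDITOR is not set; "%s" may write swap, undo or backup files with the secret to persistent storage.\nContinue? [y/N] ' "$1" >&2
    read -r pass_safe_reply || return 1
    [ "$pass_safe_reply" = "y" ] || [ "$pass_safe_reply" = "Y" ]
}

# Intercept `edit` only; every other subcommand is passed through untouched.
pass_safe() {
    if [ "${1:-}" = "edit" ]; then
        pass_safe_editor="$(resolve_pass_editor)"
        if needs_leak_warning; then
            confirm_leak_risk "$pass_safe_editor" || return 1
        fi
        # `command` bypasses shell functions and aliases named `pass`.
        EDITOR="$pass_safe_editor" command pass "$@"
    else
        command pass "$@"
    fi
}
```

Sourced from a shell startup file, `pass_safe edit secret` then asks for confirmation until `PASS_EDITOR` points at an editor invocation that is configured not to write swap, undo or backup files.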