3

I frequently use the :x command in vim to encrypt files on my computer. Recently I've wanted to do some processing on these files in ruby.

I have an app that has all "secrets" in env vars. My idea is actually to just have ONE secret 'password' env var. I'm considering a method for this and future apps where I just have an encrypted file I can keep in source control with all my sensitive data, and then only have to maintain one env var. Not sure how viable it is tho.

Is there a way to read them with ruby, and maybe even save them?

My current idea is to somehow call vi directly from ruby, pass the password in the command, and somehow get the output. I don't know if this is possible, and I'm having trouble finding out if is.

Thanks

pixelearth
  • 13,674
  • 10
  • 62
  • 110
  • Do you know which encryption algorithm is being used by vim? (`:setlocal cm?`) You should be able to open the file with ruby and decrypt it using the appropriate library for that encryption type. – Greg Feb 11 '16 at 19:02
  • :setlocal cm? => zip – pixelearth Feb 11 '16 at 19:08
  • Just search for a zip decrypter in ruby, zip is also known as "standard encryption" – sidyll Feb 11 '16 at 19:36
  • I tried that before posting: Archive::Zip::UnzipError: unable to locate end-of-central-directory record – pixelearth Feb 11 '16 at 19:56

1 Answers1

1

I don't have the ruby expertise, but, if you don't mind exposing your password in plain text, you can make Vim write the file contents to stdout:

$ vim -Nesc 'set key=some\ passphrase | e foo.txt | %p | q!'
foo bar

Vim will use key as the passphrase if it is set, and prompt otherwise. So, you can set key, then open the file, and print it all (%p), then quit. I'm running it in silent ex-mode (-e -s), with compatibility turned off (-N).

You can probably use Getting output of system() calls in Ruby or Running a command from Ruby displaying and capturing the output to handle the Ruby part. The second answer of the former can perhaps be used in conjunction with the passphrase stored in a variable.

You can adapt this to environment variables:

$ pass='some password' vim -Nesc 'let &key = $pass | e foo.txt | %p | wq!'
foo bar
Community
  • 1
  • 1
muru
  • 4,723
  • 1
  • 34
  • 78
  • 1
    Interesting idea, but since he is using zip encryption, if it is to call an external tool in ruby I think it is more efficient and self-explanatory to just call the zip utility to do the job. – sidyll Feb 11 '16 at 19:39
  • I tried that before posting: Archive::Zip::UnzipError: unable to locate end-of-central-directory record – pixelearth Feb 11 '16 at 19:55