sponsor Vim development Vim logo Vim Book Ad

gnupg.vim : Plugin for transparent editing of gpg encrypted files.

 script karma  Rating 1047/348, Downloaded by 18544  Comments, bugs, improvements  Vim wiki

created by
James McCoy
script type
This script implements transparent editing of gpg encrypted files. The filename must have a ".gpg", ".pgp" or ".asc" suffix. When opening such a file the content is decrypted, when opening a new file the script will ask for the recipients of the encrypted file. The file content will be encrypted to all recipients before it is written. The script turns off viminfo, swapfile, and undofile to increase security.

This is a continuation of the work initially done by Markus Braun in vimscript #661.  Development takes place at https://github.com/jamessan/vim-gnupg.
install details
Use your favorite plugin manager.

For manual installation, use either pathogen (for older Vim versions) or Vim's packages.  Unpack into either ~/.vim/bundle or ~/.vim/pack/gnupg/start/, respectively.

From `man 1 gpg-agent`:

> You should always add the following lines to your `.bashrc` or whatever
> initialization file is used for all shell invocations:
>     GPG_TTY=`tty`
>     export GPG_TTY
> It is important that this environment variable always reflects the output of
> the tty command. For W32 systems this option is not required.

Most distributions provide software to ease handling of gpg and gpg-agent.
Examples are keychain or seahorse.

If there are specific actions that should take place when editing a
GnuPG-managed buffer, an autocmd for the User event and GnuPG pattern can be
defined. For example, the following will set `textwidth` to 72 for all
GnuPG-encrypted buffers:

    autocmd User GnuPG setl textwidth=72

This will be triggered before any BufRead or BufNewFile autocmds, and therefore
will not take precedence over settings specific to any filetype that may get

rate this script Life Changing Helpful Unfulfilling 
script versions (upload new version)

Click on the package to download.

package script version date Vim version user release notes
vim-gnupg-v2.7.1.zip 2.7.1 2020-11-12 7.2 James McCoy * Clear GPGOptions/GPGRecipients autocommands on BufUnload
* Return early from Finish functions when buffer is not displayed
vim-gnupg-v2.7.0.zip 2.7.0 2020-11-10 7.2 James McCoy * Re-structure plugin so most of the implementation is under autoload/, with only required functionality in plugin/.  Thanks to Lucas Hoffmann for the help.
* Split the documentation into README (description, intro) and Vim help files (details relevant for usage).  Thanks to Victor Koronen.
* Honor 'verbose' to determine when to emit debug logs, as a gradual move away from g:GPGDebugLevel/g:GPGDebugLog
* Do not use the '[/'] marks when saving the entire buffer to disk.  This fixes an issue where plugins which reformat the buffer on save were causing only the reformatted portion of the buffer to be saved.
gnupg.vim 2.6.1 2018-08-08 7.2 James McCoy * Preserve &readonly setting even if the file itself isn't read-only (e.g., using "vim -R" or ":view")
* Let Vim detect file encoding and file format when opening the file
* Remove unnecessary (and potentially damaging) changing of &encoding when reading/writing the encrypted file
* Avoid adding extra blank lines to buffer when loading unencrypted files
* Set &buftype='acwrite' to ensure encrypted buffers are only saved via the plugin's BufWriteCmd
* Add support for Gpg4win so the plugin can be used under cygwin
* Better mimic Vim's behavior when using ":saveas" or ":w newfile", and leave the original buffer modified
* Improve handling of options and recipients buffers to avoid one triggering the other
* Check for the standard armor header, rather than inspecting gpg's output to determine if a file is armored
gnupg.vim 2.6 2016-04-25 7.2 James McCoy * Improved support for GPG 2.x
* New g:GPGPossibleRecipients option to pre-populate the recipients list
* New g:GPGFilePattern option to define which files will be handled by the plugin
* Work around interactions between Vim and gpg/pinentry that caused special keys (e.g., arrows) to stop being recognized in Vim
* Trigger FileWritePre/Post before/after saving a portion of a buffer
* Trigger BufReadPre/FileReadPre before reading encrypted files
* The buffer is now marked readonly if the source file does not have write permissions
gnupg.vim 2.5 2012-06-01 7.2 James McCoy * Ignore keys that aren't usable for encryption instead of simply ones that are expired
gnupg.vim 2.4 2012-05-31 7.2 James McCoy * Improvements when an encrypted file is being '":read" into another buffer.
** Don't wipeout the current buffer if decryption fails.
** Use the current buffer's settings for 'swapfile' and 'undofile' instead of disabling them.
* Make 'u' a no-op immediately after loading the file, just like with normal files.
* Avoid prompting for disambiguation of keys once the user has selected which one to use.
* Ignore expired keys when trying to find a matching key for an id entered in ":GPGEditRecipients"
gnupg.vim 2.3 2011-11-23 7.2 James McCoy * Resolve the filename when saving to follow symlinks.
* Add support for specifying an alternate --homedir, using the g:GPGHomedir variable
gnupg.vim 2.2 2011-08-13 7.0 James McCoy Correctly handle the different keyid-format options
gnupg.vim 2.1 2011-08-10 7.2 James McCoy Add g:GPGUsePipes variable to avoid saving unencrypted data to tempfiles (in a private directory)
gnupg.vim 2.0 2011-06-26 7.2 James McCoy Initial upload
ip used for rating:

If you have questions or remarks about this site, visit the vimonline development pages. Please use this site responsibly.
Questions about Vim should go to the maillist. Help Bram help Uganda.