diff options
author | Sébastien Helleu <flashcode@flashtux.org> | 2021-02-06 16:07:14 +0100 |
---|---|---|
committer | Sébastien Helleu <flashcode@flashtux.org> | 2021-02-06 16:07:14 +0100 |
commit | f1c681c832b85178ad6242fd8b16f762510bdddd (patch) | |
tree | 2c08c3669fe235be1bb105962e6d6b905349eec1 /doc/en/includes | |
parent | fe9ec8fbda222492679762709733bd8f164455c7 (diff) | |
download | weechat-f1c681c832b85178ad6242fd8b16f762510bdddd.zip |
core: replace option sec.crypt.passphrase_file by sec.crypt.passphrase_command (closes #141)
The command is used to read the passphrase on startup, for example using your
favorite password manager.
Note: only the passphrase is read from the program, the secured data is still
stored encrypted in sec.conf and handled by WeeChat itself.
Diffstat (limited to 'doc/en/includes')
-rw-r--r-- | doc/en/includes/autogen_user_commands.en.adoc | 4 | ||||
-rw-r--r-- | doc/en/includes/autogen_user_options.en.adoc | 4 |
2 files changed, 5 insertions, 3 deletions
diff --git a/doc/en/includes/autogen_user_commands.en.adoc b/doc/en/includes/autogen_user_commands.en.adoc index ffcb3199d..5ceba339c 100644 --- a/doc/en/includes/autogen_user_commands.en.adoc +++ b/doc/en/includes/autogen_user_commands.en.adoc @@ -1873,7 +1873,7 @@ Keys on secure buffer: alt+v toggle values When a passphrase is used (data encrypted), it is asked by WeeChat on startup. -It is possible to set environment variable "WEECHAT_PASSPHRASE" to prevent the prompt (this same variable is used by WeeChat on /upgrade), or to set option sec.crypt.passphrase_file to read the passphrase from a file (see /help sec.crypt.passphrase_file). +It is possible to set environment variable "WEECHAT_PASSPHRASE" to prevent the prompt (this same variable is used by WeeChat on /upgrade), or to set option sec.crypt.passphrase_command to read the passphrase from the output of an external command like a password manager (see /help sec.crypt.passphrase_command). Secured data with format ${sec.data.xxx} can be used in: - command /eval @@ -1884,6 +1884,8 @@ Secured data with format ${sec.data.xxx} can be used in: Examples: set a passphrase: /secure passphrase this is my passphrase + use program "pass" to read the passphrase on startup: + /set sec.crypt.passphrase_command "pass show weechat/passphrase" encrypt freenode SASL password: /secure set freenode mypassword /set irc.server.freenode.sasl_password "${sec.data.freenode}" diff --git a/doc/en/includes/autogen_user_options.en.adoc b/doc/en/includes/autogen_user_options.en.adoc index 05d07fea8..1a71926d2 100644 --- a/doc/en/includes/autogen_user_options.en.adoc +++ b/doc/en/includes/autogen_user_options.en.adoc @@ -16,8 +16,8 @@ ** values: sha224, sha256, sha384, sha512 ** default value: `+sha256+` -* [[option_sec.crypt.passphrase_file]] *sec.crypt.passphrase_file* -** description: pass:none[path to a file containing the passphrase to encrypt/decrypt secured data; this option is used only when reading file sec.conf; only first line of file is used; this file is used only if the environment variable "WEECHAT_PASSPHRASE" is not set (the environment variable has higher priority); security note: it is recommended to keep this file readable only by you and store it outside WeeChat home (for example in your home); example: "~/.weechat-passphrase"] +* [[option_sec.crypt.passphrase_command]] *sec.crypt.passphrase_command* +** description: pass:none[read the passphrase from the output of this command (only the first line is used and it must not contain any extra character); this option is used only when reading file sec.conf and if the environment variable "WEECHAT_PASSPHRASE" is not set (the environment variable has higher priority); example with password-store: "pass show weechat/passphrase"] ** type: string ** values: any string ** default value: `+""+` |