summaryrefslogtreecommitdiff
path: root/doc/en/includes
diff options
context:
space:
mode:
authorSébastien Helleu <flashcode@flashtux.org>2021-02-06 16:07:14 +0100
committerSébastien Helleu <flashcode@flashtux.org>2021-02-06 16:07:14 +0100
commitf1c681c832b85178ad6242fd8b16f762510bdddd (patch)
tree2c08c3669fe235be1bb105962e6d6b905349eec1 /doc/en/includes
parentfe9ec8fbda222492679762709733bd8f164455c7 (diff)
downloadweechat-f1c681c832b85178ad6242fd8b16f762510bdddd.zip
core: replace option sec.crypt.passphrase_file by sec.crypt.passphrase_command (closes #141)
The command is used to read the passphrase on startup, for example using your favorite password manager. Note: only the passphrase is read from the program, the secured data is still stored encrypted in sec.conf and handled by WeeChat itself.
Diffstat (limited to 'doc/en/includes')
-rw-r--r--doc/en/includes/autogen_user_commands.en.adoc4
-rw-r--r--doc/en/includes/autogen_user_options.en.adoc4
2 files changed, 5 insertions, 3 deletions
diff --git a/doc/en/includes/autogen_user_commands.en.adoc b/doc/en/includes/autogen_user_commands.en.adoc
index ffcb3199d..5ceba339c 100644
--- a/doc/en/includes/autogen_user_commands.en.adoc
+++ b/doc/en/includes/autogen_user_commands.en.adoc
@@ -1873,7 +1873,7 @@ Keys on secure buffer:
alt+v toggle values
When a passphrase is used (data encrypted), it is asked by WeeChat on startup.
-It is possible to set environment variable "WEECHAT_PASSPHRASE" to prevent the prompt (this same variable is used by WeeChat on /upgrade), or to set option sec.crypt.passphrase_file to read the passphrase from a file (see /help sec.crypt.passphrase_file).
+It is possible to set environment variable "WEECHAT_PASSPHRASE" to prevent the prompt (this same variable is used by WeeChat on /upgrade), or to set option sec.crypt.passphrase_command to read the passphrase from the output of an external command like a password manager (see /help sec.crypt.passphrase_command).
Secured data with format ${sec.data.xxx} can be used in:
- command /eval
@@ -1884,6 +1884,8 @@ Secured data with format ${sec.data.xxx} can be used in:
Examples:
set a passphrase:
/secure passphrase this is my passphrase
+ use program "pass" to read the passphrase on startup:
+ /set sec.crypt.passphrase_command "pass show weechat/passphrase"
encrypt freenode SASL password:
/secure set freenode mypassword
/set irc.server.freenode.sasl_password "${sec.data.freenode}"
diff --git a/doc/en/includes/autogen_user_options.en.adoc b/doc/en/includes/autogen_user_options.en.adoc
index 05d07fea8..1a71926d2 100644
--- a/doc/en/includes/autogen_user_options.en.adoc
+++ b/doc/en/includes/autogen_user_options.en.adoc
@@ -16,8 +16,8 @@
** values: sha224, sha256, sha384, sha512
** default value: `+sha256+`
-* [[option_sec.crypt.passphrase_file]] *sec.crypt.passphrase_file*
-** description: pass:none[path to a file containing the passphrase to encrypt/decrypt secured data; this option is used only when reading file sec.conf; only first line of file is used; this file is used only if the environment variable "WEECHAT_PASSPHRASE" is not set (the environment variable has higher priority); security note: it is recommended to keep this file readable only by you and store it outside WeeChat home (for example in your home); example: "~/.weechat-passphrase"]
+* [[option_sec.crypt.passphrase_command]] *sec.crypt.passphrase_command*
+** description: pass:none[read the passphrase from the output of this command (only the first line is used and it must not contain any extra character); this option is used only when reading file sec.conf and if the environment variable "WEECHAT_PASSPHRASE" is not set (the environment variable has higher priority); example with password-store: "pass show weechat/passphrase"]
** type: string
** values: any string
** default value: `+""+`