path: root/doc
diff options
authorSébastien Helleu <>2021-02-06 16:07:14 +0100
committerSébastien Helleu <>2021-02-06 16:07:14 +0100
commitf1c681c832b85178ad6242fd8b16f762510bdddd (patch)
tree2c08c3669fe235be1bb105962e6d6b905349eec1 /doc
parentfe9ec8fbda222492679762709733bd8f164455c7 (diff)
core: replace option sec.crypt.passphrase_file by sec.crypt.passphrase_command (closes #141)
The command is used to read the passphrase on startup, for example using your favorite password manager. Note: only the passphrase is read from the program, the secured data is still stored encrypted in sec.conf and handled by WeeChat itself.
Diffstat (limited to 'doc')
18 files changed, 220 insertions, 119 deletions
diff --git a/doc/de/includes/ b/doc/de/includes/
index 64320b43e..c3b45fe01 100644
--- a/doc/de/includes/
+++ b/doc/de/includes/
@@ -1860,38 +1860,40 @@ Standardmäßig werden alle Konfigurationsdateien beim Ausführen des /quit Befe
set <name> <value>
del <name>
-passphrase: ändern der Passphrase (ohne Passphrase, werden die Daten in der Datei sec.conf in Klartext gesichert)
- -delete: löscht Passphrase
- decrypt: entschlüsselt Daten nachträglich (dies passiert nur falls die Passphrase beim Start nicht angegeben wurde)
- -discard: verwirft alle verschlüsselten Daten
- set: fügt eine schutzwürdige Information hinzu oder ändert eine bestehende
- del: entfernt eine schutzwürdige Information
-Ohne Angabe von Argumenten wird ein neuer Buffer geöffnet und die schutzwürdigen Informationen können dort eingesehen werden.
-Tastenbefehle für den secure-Buffer:
- alt+v Werte werden in Klartext angezeigt bzw. verborgen
-Wird eine Passphrase verwendet (Daten liegen verschlüsselt vor), fragt WeeChat beim Start die Passphrase ab.
-Setzt man die Umgebungsvariable "WEECHAT_PASSPHRASE", kann die Eingabeaufforderung der Passphrase beim Programmstart vermieden werden (diese Variable wird von WeeChat auch beim /upgrade verwendet). Es ist auch möglich in der Option sec.crypt.passphrase_file eine Datei anzugeben die die Passphrase beinhaltet (siehe /help sec.crypt.passphrase_file)
-schutzwürdige Daten mit dem Format ${} können wie folgt genutzt werden:
- - Befehl /eval.
- - Argument in der Befehlszeile für "--run-command"
- - Einstellung weechat.startup.command_{before|after}_plugins
- - weitere Optionen die Passwörter oder sensible Daten beinhalten (zum Beispiel: proxy, irc server und relay); nutze /help mit der entsprechenden Option um zu überprüfen ob die Daten evaluiert werden.
- festlegen eine Passphrase:
- /secure passphrase Dies ist meine Passphrase
- verschlüsselt freenode SASL Passwort:
- /secure set freenode meinPasswort
+passphrase: change the passphrase (without passphrase, data is stored as plain text in file sec.conf)
+ -delete: delete passphrase
+ decrypt: decrypt data still encrypted (it happens only if passphrase was not given on startup)
+ -discard: discard all data still encrypted
+ set: add or change secured data
+ del: delete secured data
+Without argument, this command displays secured data in a new buffer.
+Keys on secure buffer:
+ alt+v toggle values
+When a passphrase is used (data encrypted), it is asked by WeeChat on startup.
+It is possible to set environment variable "WEECHAT_PASSPHRASE" to prevent the prompt (this same variable is used by WeeChat on /upgrade), or to set option sec.crypt.passphrase_command to read the passphrase from the output of an external command like a password manager (see /help sec.crypt.passphrase_command).
+Secured data with format ${} can be used in:
+ - command /eval
+ - command line argument "--run-command"
+ - options weechat.startup.command_{before|after}_plugins
+ - other options that may contain a password or sensitive data (for example proxy, irc server and relay); see /help on the options to check if they are evaluated.
+ set a passphrase:
+ /secure passphrase this is my passphrase
+ use program "pass" to read the passphrase on startup:
+ /set sec.crypt.passphrase_command "pass show weechat/passphrase"
+ encrypt freenode SASL password:
+ /secure set freenode mypassword
/set irc.server.freenode.sasl_password "${}"
- verschlüsselt oftc Passwort für nickserv:
- /secure set oftc meinPasswort
+ encrypt oftc password for nickserv:
+ /secure set oftc mypassword
/set irc.server.oftc.command "/msg nickserv identify ${}"
- Alternativbefehl um den eigenen Nick zu ghosten:
- /alias add ghost /eval /msg -server freenode nickserv ghost meinNick ${}
+ alias to ghost the nick "mynick":
+ /alias add ghost /eval /msg -server freenode nickserv ghost mynick ${}
diff --git a/doc/de/includes/ b/doc/de/includes/
index 0321f5d9b..7b167fe93 100644
--- a/doc/de/includes/
+++ b/doc/de/includes/
@@ -16,8 +16,8 @@
** Werte: sha224, sha256, sha384, sha512
** Standardwert: `+sha256+`
-* [[option_sec.crypt.passphrase_file]] *sec.crypt.passphrase_file*
-** Beschreibung: pass:none[Pfad zu einer Datei die die Passphrase enthält um damit schutzwürdige Daten zu ver- und entschlüsseln. Diese Einstellung findet nur Anwendung, wenn die Datei sec.conf gelesen wird. Es wird auch nur die erste Zeile eingelesen. Diese Datei wird nur verwendet, falls die Umgebungsvariable "WEECHAT_PASSPHRASE" nicht genutzt wird (die Umgebungsvariable besitzt eine höhere Priorität). Sicherheitshinweis: Es ist anzuraten dieser Datei nur für die eigene Person Leserechte zu gewähren und die Datei nicht im Heimatverzeichnis von WeeChat zu sichern (zum Beispiel im /home/ Order); Beispiel: "~/.weechat-passphrase"]
+* [[option_sec.crypt.passphrase_command]] *sec.crypt.passphrase_command*
+** Beschreibung: pass:none[read the passphrase from the output of this command (only the first line is used and it must not contain any extra character); this option is used only when reading file sec.conf and if the environment variable "WEECHAT_PASSPHRASE" is not set (the environment variable has higher priority); example with password-store: "pass show weechat/passphrase"]
** Typ: Zeichenkette
** Werte: beliebige Zeichenkette
** Standardwert: `+""+`
diff --git a/doc/de/ b/doc/de/
index 312ed50bf..9aaf87ddc 100644
--- a/doc/de/
+++ b/doc/de/
@@ -2237,11 +2237,26 @@ da ansonsten die Daten in Klartext gesichert werden.
/secure passphrase Dies ist meine Passphrase
-Wenn eine Passphrase genutzt wird fragt WeeChat diese beim Programmstart
-ab (bei einem `/upgrade` ist dies nicht der Fall).
+===== Passphrase on startup
-Die Passphrase kann auch in einer Datei gesichert werden (siehe Option
+When a passphrase is set, WeeChat will ask you to enter it on startup
+(but not on `/upgrade`).
+If you are using a password manager, you can run an external program to read
+the passphrase instead of having to type it manually on WeeChat startup. +
+For example with password-store (command `pass`):
+/set sec.crypt.passphrase_command "pass show weechat/passphrase"
+The program may ask you unlock your GPG key or enter another passphrase to
+read the secret. WeeChat will wait for the end of the command to read the
+passphrase on the standard output (it must be on the first line without any
+extra character). +
+If the output contains no passphrase or if it is wrong, WeeChat will then ask
+you to enter it.
===== Verschlüsselung
diff --git a/doc/en/includes/autogen_user_commands.en.adoc b/doc/en/includes/autogen_user_commands.en.adoc
index ffcb3199d..5ceba339c 100644
--- a/doc/en/includes/autogen_user_commands.en.adoc
+++ b/doc/en/includes/autogen_user_commands.en.adoc
@@ -1873,7 +1873,7 @@ Keys on secure buffer:
alt+v toggle values
When a passphrase is used (data encrypted), it is asked by WeeChat on startup.
-It is possible to set environment variable "WEECHAT_PASSPHRASE" to prevent the prompt (this same variable is used by WeeChat on /upgrade), or to set option sec.crypt.passphrase_file to read the passphrase from a file (see /help sec.crypt.passphrase_file).
+It is possible to set environment variable "WEECHAT_PASSPHRASE" to prevent the prompt (this same variable is used by WeeChat on /upgrade), or to set option sec.crypt.passphrase_command to read the passphrase from the output of an external command like a password manager (see /help sec.crypt.passphrase_command).
Secured data with format ${} can be used in:
- command /eval
@@ -1884,6 +1884,8 @@ Secured data with format ${} can be used in:
set a passphrase:
/secure passphrase this is my passphrase
+ use program "pass" to read the passphrase on startup:
+ /set sec.crypt.passphrase_command "pass show weechat/passphrase"
encrypt freenode SASL password:
/secure set freenode mypassword
/set irc.server.freenode.sasl_password "${}"
diff --git a/doc/en/includes/autogen_user_options.en.adoc b/doc/en/includes/autogen_user_options.en.adoc
index 05d07fea8..1a71926d2 100644
--- a/doc/en/includes/autogen_user_options.en.adoc
+++ b/doc/en/includes/autogen_user_options.en.adoc
@@ -16,8 +16,8 @@
** values: sha224, sha256, sha384, sha512
** default value: `+sha256+`
-* [[option_sec.crypt.passphrase_file]] *sec.crypt.passphrase_file*
-** description: pass:none[path to a file containing the passphrase to encrypt/decrypt secured data; this option is used only when reading file sec.conf; only first line of file is used; this file is used only if the environment variable "WEECHAT_PASSPHRASE" is not set (the environment variable has higher priority); security note: it is recommended to keep this file readable only by you and store it outside WeeChat home (for example in your home); example: "~/.weechat-passphrase"]
+* [[option_sec.crypt.passphrase_command]] *sec.crypt.passphrase_command*
+** description: pass:none[read the passphrase from the output of this command (only the first line is used and it must not contain any extra character); this option is used only when reading file sec.conf and if the environment variable "WEECHAT_PASSPHRASE" is not set (the environment variable has higher priority); example with password-store: "pass show weechat/passphrase"]
** type: string
** values: any string
** default value: `+""+`
diff --git a/doc/en/weechat_user.en.adoc b/doc/en/weechat_user.en.adoc
index d39f6190e..3c52531d0 100644
--- a/doc/en/weechat_user.en.adoc
+++ b/doc/en/weechat_user.en.adoc
@@ -2199,11 +2199,25 @@ but highly recommended, otherwise data is stored as plain text in file.
/secure passphrase this is my passphrase
-When a passphrase is set, WeeChat will ask you to enter it on startup (but not
-on `/upgrade`).
+===== Passphrase on startup
-You can change this behavior and use a file with the passphrase (see option
+When a passphrase is set, WeeChat will ask you to enter it on startup
+(but not on `/upgrade`).
+If you are using a password manager, you can run an external program to read
+the passphrase instead of having to type it manually on WeeChat startup. +
+For example with password-store (command `pass`):
+/set sec.crypt.passphrase_command "pass show weechat/passphrase"
+The program may ask you unlock your GPG key or enter another passphrase to
+read the secret. WeeChat will wait for the end of the command to read the
+passphrase on the standard output (it must be on the first line without any
+extra character). +
+If the output contains no passphrase or if it is wrong, WeeChat will then ask
+you to enter it.
===== Encryption
diff --git a/doc/fr/includes/ b/doc/fr/includes/
index 08876550b..1807f7d26 100644
--- a/doc/fr/includes/
+++ b/doc/fr/includes/
@@ -1873,7 +1873,7 @@ Les touches sur le tampon des données sécurisées :
alt+v afficher/cacher les valeurs
Lorsqu'une phrase de chiffrement est utilisée (données chiffrées), elle est demandée au démarrage de WeeChat.
-Il est possible de définir la variable d'environnement WEECHAT_PASSPHRASE pour éviter la demande (cette même variable est utilisée par WeeChat sur le /upgrade) ou de définir l'option sec.crypt.passphrase_file pour lire la phrase de chiffrement depuis un fichier (voir /help sec.crypt.passphrase_file).
+Il est possible de définir la variable d'environnement WEECHAT_PASSPHRASE pour éviter la demande (cette même variable est utilisée par WeeChat sur le /upgrade) ou de définir l'option sec.crypt.passphrase_command pour lire la phrase de chiffrement depuis la sortie d'une commande externe comme un gestionnaire de mots de passe (voir /help sec.crypt.passphrase_command).
Les données sécurisées avec le format ${} peuvent être utilisées dans :
- la commande /eval
@@ -1884,6 +1884,8 @@ Les données sécurisées avec le format ${} peuvent être utilisée
Exemples :
définir une phrase de chiffrement :
/secure passphrase ceci est ma phrase de chiffrement
+ utiliser le programme "pass" pour lire la phrase de chiffrement au démarrage :
+ /set sec.crypt.passphrase_command "pass show weechat/passphrase"
chiffrer le mot de passe freenode SASL :
/secure set freenode motdepasse
/set irc.server.freenode.sasl_password "${}"
diff --git a/doc/fr/includes/ b/doc/fr/includes/
index e6ae57c62..95e72f792 100644
--- a/doc/fr/includes/
+++ b/doc/fr/includes/
@@ -16,8 +16,8 @@
** valeurs: sha224, sha256, sha384, sha512
** valeur par défaut: `+sha256+`
-* [[option_sec.crypt.passphrase_file]] *sec.crypt.passphrase_file*
-** description: pass:none[chemin vers un fichier contenant la phrase de chiffrement pour (dé)chiffrer les données sécurisées ; cette option est utilisée seulement lors de la lecture du fichier sec.conf ; seulement la première ligne du fichier est utilisée ; ce fichier est utilisé seulement si la variable d'environnement "WEECHAT_PASSPHRASE" n'est pas définie (la variable d'environnement a une priorité plus haute) ; note de sécurité : il est recommandé de garder ce fichier en lecture seulement par vous et de le stocker en dehors du "home" WeeChat (par exemple dans votre "home") ; exemple : "~/.weechat-passphrase"]
+* [[option_sec.crypt.passphrase_command]] *sec.crypt.passphrase_command*
+** description: pass:none[lire la phrase de chiffrement depuis la sortie de cette commande (seule la première ligne est utilisée et elle ne doit contenir aucun autre caractère) ; cette option est utilisée seulement pour lire le fichier sec.conf et si la variable d'environnement "WEECHAT_PASSPHRASE" n'est pas définie (la variable d'environnement a une priorité plus haute) ; exemple avec password-store : "pass show weechat/passphrase"]
** type: chaîne
** valeurs: toute chaîne
** valeur par défaut: `+""+`
diff --git a/doc/fr/ b/doc/fr/
index 3a1fef984..f25289ec8 100644
--- a/doc/fr/
+++ b/doc/fr/
@@ -2275,12 +2275,27 @@ données sont stockées sous forme de texte en clair dans le fichier.
/secure passphrase ceci est ma phrase secrète
+===== Passphrase on startup
Lorsqu'une phrase secrète est définie, WeeChat vous demandera de la saisir lors
du démarrage (mais pas sur `/upgrade`).
-Vous pouvez modifier ce comportement et utiliser un fichier avec la phrase
-secrète (voir l'option
+Si vous utilisez un gestionnaire de mots de passe, vous pouvez lancer
+un programme externe pour lire la phrase de chiffrement au lieu d'avoir
+à l'entrer manuellement au démarrage de WeeChat. +
+Par exemple avec password-store (command `pass`) :
+/set sec.crypt.passphrase_command "pass show weechat/passphrase"
+Le programme peut vous demander de déverrouiller votre clé GPG ou d'entrer une
+autre phrase de chiffrement. WeeChat attendra la fin de la commande pour lire
+la phrase de chiffrement sur la sortie standard (elle doit être sur la première
+ligne et sans caractère supplémentaire). +
+Si la sortie ne contient pas de phrase de chiffrement ou si celle-ci est
+erronée, WeeChat vous demandera alors de la saisir.
===== Chiffrement
diff --git a/doc/it/includes/ b/doc/it/includes/
index 96a42df00..d417e0653 100644
--- a/doc/it/includes/
+++ b/doc/it/includes/
@@ -1873,7 +1873,7 @@ Keys on secure buffer:
alt+v toggle values
When a passphrase is used (data encrypted), it is asked by WeeChat on startup.
-It is possible to set environment variable "WEECHAT_PASSPHRASE" to prevent the prompt (this same variable is used by WeeChat on /upgrade), or to set option sec.crypt.passphrase_file to read the passphrase from a file (see /help sec.crypt.passphrase_file).
+It is possible to set environment variable "WEECHAT_PASSPHRASE" to prevent the prompt (this same variable is used by WeeChat on /upgrade), or to set option sec.crypt.passphrase_command to read the passphrase from the output of an external command like a password manager (see /help sec.crypt.passphrase_command).
Secured data with format ${} can be used in:
- command /eval
@@ -1884,6 +1884,8 @@ Secured data with format ${} can be used in:
set a passphrase:
/secure passphrase this is my passphrase
+ use program "pass" to read the passphrase on startup:
+ /set sec.crypt.passphrase_command "pass show weechat/passphrase"
encrypt freenode SASL password:
/secure set freenode mypassword
/set irc.server.freenode.sasl_password "${}"
diff --git a/doc/it/includes/ b/doc/it/includes/
index 9a8d27a16..a7c74624c 100644
--- a/doc/it/includes/
+++ b/doc/it/includes/
@@ -16,8 +16,8 @@
** valori: sha224, sha256, sha384, sha512
** valore predefinito: `+sha256+`
-* [[option_sec.crypt.passphrase_file]] *sec.crypt.passphrase_file*
-** descrizione: pass:none[path to a file containing the passphrase to encrypt/decrypt secured data; this option is used only when reading file sec.conf; only first line of file is used; this file is used only if the environment variable "WEECHAT_PASSPHRASE" is not set (the environment variable has higher priority); security note: it is recommended to keep this file readable only by you and store it outside WeeChat home (for example in your home); example: "~/.weechat-passphrase"]
+* [[option_sec.crypt.passphrase_command]] *sec.crypt.passphrase_command*
+** descrizione: pass:none[read the passphrase from the output of this command (only the first line is used and it must not contain any extra character); this option is used only when reading file sec.conf and if the environment variable "WEECHAT_PASSPHRASE" is not set (the environment variable has higher priority); example with password-store: "pass show weechat/passphrase"]
** tipo: stringa
** valori: qualsiasi stringa
** valore predefinito: `+""+`
diff --git a/doc/it/ b/doc/it/
index c685072e9..c4df291f2 100644
--- a/doc/it/
+++ b/doc/it/
@@ -2362,11 +2362,26 @@ but highly recommended, otherwise data is stored as plain text in file.
/secure passphrase this is my passphrase
-When a passphrase is set, WeeChat will ask you to enter it on startup (but not
-on `/upgrade`).
+===== Passphrase on startup
+When a passphrase is set, WeeChat will ask you to enter it on startup
+(but not on `/upgrade`).
+If you are using a password manager, you can run an external program to read
+the passphrase instead of having to type it manually on WeeChat startup. +
+For example with password-store (command `pass`):
+/set sec.crypt.passphrase_command "pass show weechat/passphrase"
-You can change this behavior and use a file with the passphrase (see option
+The program may ask you unlock your GPG key or enter another passphrase to
+read the secret. WeeChat will wait for the end of the command to read the
+passphrase on the standard output (it must be on the first line without any
+extra character). +
+If the output contains no passphrase or if it is wrong, WeeChat will then ask
+you to enter it.
===== Encryption
diff --git a/doc/ja/includes/autogen_user_commands.ja.adoc b/doc/ja/includes/autogen_user_commands.ja.adoc
index 7ed6214bf..36e67f1de 100644
--- a/doc/ja/includes/autogen_user_commands.ja.adoc
+++ b/doc/ja/includes/autogen_user_commands.ja.adoc
@@ -1860,37 +1860,39 @@ file: 保存する設定ファイル (拡張子 ".conf" は不要)
set <name> <value>
del <name>
-passphrase: パスフレーズを変更 (パスフレーズがない場合、sec.conf ファイルに平文でデータを保存します)
- -delete: パスフレーズを削除
- decrypt: 暗号化されているデータを復号化 (起動時にパスフレーズが設定されていない場合に起きます)
- -discard: 全ての暗号化データを破棄
- set: 保護データを追加または変更
- del: 保護データを削除
+passphrase: change the passphrase (without passphrase, data is stored as plain text in file sec.conf)
+ -delete: delete passphrase
+ decrypt: decrypt data still encrypted (it happens only if passphrase was not given on startup)
+ -discard: discard all data still encrypted
+ set: add or change secured data
+ del: delete secured data
+Without argument, this command displays secured data in a new buffer.
- alt+v 値を切り替えます
+Keys on secure buffer:
+ alt+v toggle values
-パスフレーズを利用する場合 (データが暗号化されている場合)、WeeChat は起動時にパスフレーズを尋ねます。
-入力を回避するには、環境変数 "WEECHAT_PASSPHRASE" を利用するか (WeeChat は /upgrade の時に同じ変数を利用します)、sec.crypt.passphrase_file オプションを設定してファイルからパスフレーズを読み込みます (/help sec.crypt.passphrase_file を参照してください)。
+When a passphrase is used (data encrypted), it is asked by WeeChat on startup.
+It is possible to set environment variable "WEECHAT_PASSPHRASE" to prevent the prompt (this same variable is used by WeeChat on /upgrade), or to set option sec.crypt.passphrase_command to read the passphrase from the output of an external command like a password manager (see /help sec.crypt.passphrase_command).
-${} の形で書かれた保護データは以下の様に利用できます:
- - /eval コマンド
- - コマンドライン引数 "--run-command"
- - weechat.startup.command_{before|after}_plugins オプション
- - パスワードや機密データを含むと思われるその他のオプション (例えば、プロキシ、irc サーバ、リレー); 保護データが評価されるかを確認するには各オプションの /help を参照してください。
+Secured data with format ${} can be used in:
+ - command /eval
+ - command line argument "--run-command"
+ - options weechat.startup.command_{before|after}_plugins
+ - other options that may contain a password or sensitive data (for example proxy, irc server and relay); see /help on the options to check if they are evaluated.
- パスフレーズを設定:
+ set a passphrase:
/secure passphrase this is my passphrase
- freenode の SASL パスワードを暗号化:
+ use program "pass" to read the passphrase on startup:
+ /set sec.crypt.passphrase_command "pass show weechat/passphrase"
+ encrypt freenode SASL password:
/secure set freenode mypassword
/set irc.server.freenode.sasl_password "${}"
- oftc の nickserv 用パスワードを暗号化:
+ encrypt oftc password for nickserv:
/secure set oftc mypassword
/set irc.server.oftc.command "/msg nickserv identify ${}"
- ニックネーム "mynick" を取り戻すためのエイリアス ghost を設定
+ alias to ghost the nick "mynick":
/alias add ghost /eval /msg -server freenode nickserv ghost mynick ${}
diff --git a/doc/ja/includes/autogen_user_options.ja.adoc b/doc/ja/includes/autogen_user_options.ja.adoc
index 68df967e2..d66608719 100644
--- a/doc/ja/includes/autogen_user_options.ja.adoc
+++ b/doc/ja/includes/autogen_user_options.ja.adoc
@@ -16,8 +16,8 @@
** 値: sha224, sha256, sha384, sha512
** デフォルト値: `+sha256+`
-* [[option_sec.crypt.passphrase_file]] *sec.crypt.passphrase_file*
-** 説明: pass:none[保護データを暗号化/複合化するためのパスフレーズを保存したファイルパス; このオプションは sec.conf ファイルを読むときだけに利用されます; ファイルの 1 行目だけが利用されます; このファイルは環境変数 "WEECHAT_PASSPHRASE" が設定されていないときだけに利用されます (環境変数のほうが優先順位が高いです); セキュリティ上の注意: このファイルを自分だけが読み込める状態にし、WeeChat ホームの外 (例えば自分のホームディレクトリ) に保存しておくことを推奨します; 例: "~/.weechat-passphrase"]
+* [[option_sec.crypt.passphrase_command]] *sec.crypt.passphrase_command*
+** 説明: pass:none[read the passphrase from the output of this command (only the first line is used and it must not contain any extra character); this option is used only when reading file sec.conf and if the environment variable "WEECHAT_PASSPHRASE" is not set (the environment variable has higher priority); example with password-store: "pass show weechat/passphrase"]
** タイプ: 文字列
** 値: 未制約文字列
** デフォルト値: `+""+`
diff --git a/doc/ja/weechat_user.ja.adoc b/doc/ja/weechat_user.ja.adoc
index ed13f719d..fa8a5961e 100644
--- a/doc/ja/weechat_user.ja.adoc
+++ b/doc/ja/weechat_user.ja.adoc
@@ -2244,11 +2244,26 @@ _sec.conf_
/secure passphrase this is my passphrase
-の起動時にパスフレーズの入力が求められるようになります (`/upgrade` 時には求められません)。
+===== Passphrase on startup
+When a passphrase is set, WeeChat will ask you to enter it on startup
+(but not on `/upgrade`).
+If you are using a password manager, you can run an external program to read
+the passphrase instead of having to type it manually on WeeChat startup. +
+For example with password-store (command `pass`):
+/set sec.crypt.passphrase_command "pass show weechat/passphrase"
-(<<option_sec.crypt.passphrase_file,sec.crypt.passphrase_file>> オプションを参照してください)。
+The program may ask you unlock your GPG key or enter another passphrase to
+read the secret. WeeChat will wait for the end of the command to read the
+passphrase on the standard output (it must be on the first line without any
+extra character). +
+If the output contains no passphrase or if it is wrong, WeeChat will then ask
+you to enter it.
===== 暗号化
diff --git a/doc/pl/includes/ b/doc/pl/includes/
index 02f3dd315..f335ad3c0 100644
--- a/doc/pl/includes/
+++ b/doc/pl/includes/
@@ -1859,38 +1859,40 @@ Domyślnie zapisywane na dysku są wszystkie pliki konfiguracyjne podczas wykony
set <nazwa> <wartość>
del <nazwa>
-passphrase: zmienia hasło (bez hasła dane są przechowywane w postaci tekstu w pliku sec.conf)
- -delete: kasuje hasło
- decrypt: rozszyfrowuje dane będące ciągle zaszyfrowane (zdarza się to tylko jeśli hasło nie zostało podane przy uruchomieniu)
- -discard: odrzuca wszystkie nadal zaszyfrowane dane
- set: dodaje lub zmienia zaszyfrowane dane
- del: kasuje zaszyfrowane dane
-Bez argumentu, komenda wyświetli zabezpieczone dane w nowym buforze.
-Kombinacje klawiszy w bezpiecznym buforze:
- alt+v przełącza wartości
-Jeśli używane jest hasło (dane zaszyfrowane), należy je podać podczas startu WeeChat.
-Jest możliwe ustawienie zmiennej środowiskowej "WEECHAT_PASSPHRASE", aby nie podawać hasła przy uruchomieniu (ta sama zmienna jest używana przez WeeChat podczas wykonywania /upgrade).
-Zabezpieczone dane w formacie ${} można użyć w:
- - komendzie /eval
- - argumencie w linii poleceń "--run-command"
- - opcjach weechat.startup.command_{before|after}_plugins
- - innych opcjach, które mogą zawierać hasło lub wrażliwe dane (na przykład proxy, serwer irc i relay); zobacz /help na opcjach żeby sprawdzić czy są przetwarzane.
- ustawienie hasła:
- /secure passphrase to jest moje hasło
- zaszyfrowanie hasła dla freenode SASL:
- /secure set freenode mojehasło
+passphrase: change the passphrase (without passphrase, data is stored as plain text in file sec.conf)
+ -delete: delete passphrase
+ decrypt: decrypt data still encrypted (it happens only if passphrase was not given on startup)
+ -discard: discard all data still encrypted
+ set: add or change secured data
+ del: delete secured data
+Without argument, this command displays secured data in a new buffer.
+Keys on secure buffer:
+ alt+v toggle values
+When a passphrase is used (data encrypted), it is asked by WeeChat on startup.
+It is possible to set environment variable "WEECHAT_PASSPHRASE" to prevent the prompt (this same variable is used by WeeChat on /upgrade), or to set option sec.crypt.passphrase_command to read the passphrase from the output of an external command like a password manager (see /help sec.crypt.passphrase_command).
+Secured data with format ${} can be used in:
+ - command /eval
+ - command line argument "--run-command"
+ - options weechat.startup.command_{before|after}_plugins
+ - other options that may contain a password or sensitive data (for example proxy, irc server and relay); see /help on the options to check if they are evaluated.
+ set a passphrase:
+ /secure passphrase this is my passphrase
+ use program "pass" to read the passphrase on startup:
+ /set sec.crypt.passphrase_command "pass show weechat/passphrase"
+ encrypt freenode SASL password:
+ /secure set freenode mypassword
/set irc.server.freenode.sasl_password "${}"
- zaszyfrowanie hasła dla nickserva na serwerze oftc:
- /secure set oftc mojehasło
+ encrypt oftc password for nickserv:
+ /secure set oftc mypassword
/set irc.server.oftc.command "/msg nickserv identify ${}"
- alias dla polecenia ghost dla nicka "mójnick":
- /alias ghost /eval /msg -server freenode nickserv ghost mójnick ${}
+ alias to ghost the nick "mynick":
+ /alias add ghost /eval /msg -server freenode nickserv ghost mynick ${}
diff --git a/doc/pl/includes/ b/doc/pl/includes/
index 154756209..dc4ebfbb3 100644
--- a/doc/pl/includes/
+++ b/doc/pl/includes/
@@ -16,8 +16,8 @@
** wartości: sha224, sha256, sha384, sha512
** domyślna wartość: `+sha256+`
-* [[option_sec.crypt.passphrase_file]] *sec.crypt.passphrase_file*
-** opis: pass:none[ścieżka do pliku zawierającego hasło do szyfrowania/rozszyfrowywania zabezpieczonych danych; opcja ta jest używana tylko podczas odczytu pliku sec.conf; używana jest tylko pierwsza linia z tego pliku; plik jest używany tylko jeśli zmienna środowiskowa "WEECHAT_PASSPHRASE" nie została ustawiona (zmienna środowiskowa ma najwyższy priorytet); uwaga bezpieczeństwa: zaleca się trzymanie tego pliku poza katalogiem domowym WeeChat (np. w katalogu domowym) i nadanie mu praw do odczytu tylko przez siebie; przykład: "~/.weechat-passphrase"]
+* [[option_sec.crypt.passphrase_command]] *sec.crypt.passphrase_command*
+** opis: pass:none[read the passphrase from the output of this command (only the first line is used and it must not contain any extra character); this option is used only when reading file sec.conf and if the environment variable "WEECHAT_PASSPHRASE" is not set (the environment variable has higher priority); example with password-store: "pass show weechat/passphrase"]
** typ: ciąg
** wartości: dowolny ciąg
** domyślna wartość: `+""+`
diff --git a/doc/pl/ b/doc/pl/
index bb878d30e..f3043c789 100644
--- a/doc/pl/
+++ b/doc/pl/
@@ -2213,11 +2213,26 @@ zwykły tekst.
/secure passphrase to jest moje hasło
-Kiedy hasło jest ustawione, WeeChat poprosi o jego podanie przy uruchomieniu
-(ale nie podczas `upgrade`).
+===== Passphrase on startup
+When a passphrase is set, WeeChat will ask you to enter it on startup
+(but not on `/upgrade`).
+If you are using a password manager, you can run an external program to read
+the passphrase instead of having to type it manually on WeeChat startup. +
+For example with password-store (command `pass`):
+/set sec.crypt.passphrase_command "pass show weechat/passphrase"
-Możesz zmienić to zachowanie i użyć pliku z zapisanym hasłem (zobacz opcję
+The program may ask you unlock your GPG key or enter another passphrase to
+read the secret. WeeChat will wait for the end of the command to read the
+passphrase on the standard output (it must be on the first line without any
+extra character). +
+If the output contains no passphrase or if it is wrong, WeeChat will then ask
+you to enter it.
===== Szyfrowanie