How can I open a file encrypted with Vim with a ruby script (I know the "password")

Question

I frequently use the :x command in vim to encrypt files on my computer. Recently I've wanted to do some processing on these files in ruby.

I have an app that has all "secrets" in env vars. My idea is actually to just have ONE secret 'password' env var. I'm considering a method for this and future apps where I just have an encrypted file I can keep in source control with all my sensitive data, and then only have to maintain one env var. Not sure how viable it is tho.

Is there a way to read them with ruby, and maybe even save them?

My current idea is to somehow call vi directly from ruby, pass the password in the command, and somehow get the output. I don't know if this is possible, and I'm having trouble finding out if is.

Thanks

Answer 1

I don't have the ruby expertise, but, if you don't mind exposing your password in plain text, you can make Vim write the file contents to stdout:

$ vim -Nesc 'set key=some\ passphrase | e foo.txt | %p | q!'
foo bar

Vim will use key as the passphrase if it is set, and prompt otherwise. So, you can set key, then open the file, and print it all (%p), then quit. I'm running it in silent ex-mode (-e -s), with compatibility turned off (-N).

You can probably use Getting output of system() calls in Ruby or Running a command from Ruby displaying and capturing the output to handle the Ruby part. The second answer of the former can perhaps be used in conjunction with the passphrase stored in a variable.

You can adapt this to environment variables:

$ pass='some password' vim -Nesc 'let &key = $pass | e foo.txt | %p | wq!'
foo bar