commit 0029832d2665603d5082b5a89a523281b63273e1 parent 882b601a2c64282d06a9d487e64ea468e985738b Author: finwo <finwo@pm.me> Date: Tue, 11 Apr 2023 11:15:25 +0200 Auto-remove secrets from zsh histfile Diffstat:
| M | zsh/home/.zshrc | | | 33 | ++++++++++++++++++++++++++++++++- |
1 file changed, 32 insertions(+), 1 deletion(-)
diff --git a/zsh/home/.zshrc b/zsh/home/.zshrc @@ -33,6 +33,37 @@ bindkey -v [[ -n "${key[PageUp]}" ]] && bindkey "${key[PageUp]}" history-beginning-search-backward [[ -n "${key[PageDown]}" ]] && bindkey "${key[PageDown]}" history-beginning-search-forward + +# Keep secrets out of there +# Source: https://github.com/jgogstad/passwordless-history +HISTORY_EXCLUDE_PATTERN='^ |//([^/]+:[^/]+)@|KEY[=:] *([^ ]+)|TOKEN[=:] *([^ ]+)|BEARER[=:] *([^ ]+)|PASSWO?R?D?[=:] *([^ ]+)|Authorization[=:] *([^'"'"'\"]+)|-us?e?r? ([^:]+:[^:]+) ' + +# See +# - https://zsh.sourceforge.io/Doc/Release/Functions.html for docs on zshaddhistory +# - https://zsh.sourceforge.io/Doc/Release/Shell-Builtin-Commands.html for docs on print +function zshaddhistory() { + emulate -L zsh + unsetopt case_match + + input="${1%%$'\n'}" + if ! [[ "$input" =~ "$HISTORY_EXCLUDE_PATTERN" ]]; then + print -Sr -- "$input" + else + nonempty=($match) + + if [[ $#nonempty -gt 0 ]]; then + for m in "$nonempty[@]"; do + n="${m##[\"\']}" + input="${input/${n%%[\"\']}/...}" + done + + print -Sr -- "$input" + fi + unset match + return 1 + fi +} + # }}} # Custom commands {{{ @@ -44,7 +75,7 @@ function version() { } # }}} -# Local binaries {{{ +# User .local bin path {{{ if [ -d "${HOME}/.local/bin" ]; then export PATH="${HOME}/.local/bin:${PATH}" fi