VIM File Encryption

June 06, 2014

The exacting, complex, highly difficult and dangerous version that tells Vim you want to encrypt the file when you save it looks like this:

vim -x filename.txt

Once a file has been encrypted by Vim once, you never need to use the -x option when opening that file again; Vim will automatically recognize it as an encrypted file and Do The Right Thing. Using the -x option when opening a file that has already been encrypted by Vim should not hurt anything, though.

Because Blowfish is a symmetric key encryption system, the same key is used for both encryption and decryption. When Vim opens a file for the first time with the -x option, the first thing it will do is ask you to give it a key you can use to encrypt and decrypt the file, with this prompt:

Enter encryption key:
After entering the key, you will then be asked to confirm the key, to ensure you did not mistype it.

Enter same key again:

After that point, Vim will act exactly the way it always has, as far as the user can tell. When you save and exit the file, there will then be an encrypted file containing the secret data you put in it. When opening the file with Vim again, the editor will ask you to enter the key needed to decrypt it for you; once open, you can again edit the file just as you would any other, and when you save the file again, it will be encrypted again.