How to manage secrets with vim and dropbox

19 Aug, 2022
720 words | 4 min to read | 2 hr, 10 min to write

If you are serious about security and privacy, your passwords are not only hard to guess and hard to brute-force, but you are also using different passwords for different sites/services. You might also have Two Factor Authentication set up for services that support 2FA. For some services you are probably using OAuth to authenticate via one of the OAuth providers. Some services might also have “secret questions” which you cannot bypass on sign up. “Secret questions” are a potential security hole, so I devoted a whole article to them.

Strong passwords

Just use a password generator; you can find plenty online. I’m a CLI guy, so I’m using one of the most popular CLI solutions, pwgen. It’s available on nearly all platforms, and you can usually install it via a package manager such as yum, apt, or brew.

Usage is very straightforward. The command below generates 1 strong password of length 12:

pwgen 12 1

VIM

Vim has built-in encryption that lets you encrypt a file with a passphrase. Read about it here.

vim +X /tmp/encrypted-file

This will ask for the encryption key. The next time you open that file, the encryption key will be needed to decrypt it; otherwise you’ll see something like this:

cat /tmp/encrypted-file
VimCrypt~03!9Qa`+]
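
The `VimCrypt~03!` prefix in that output is a header naming the encryption method (03 is blowfish2). As an added example, not part of the original post, the shell functions below read that header to confirm a file is really encrypted, and not with one of the methods Vim's documentation flags as weak or flawed, before it goes into a synced folder; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a file by its 12-byte VimCrypt magic header.

vimcrypt_method() {
    # Print the cryptmethod name for file $1, or "plaintext" if there is no header.
    magic=$(head -c 12 "$1" 2>/dev/null | tr -d '\0')
    case "$magic" in
        'VimCrypt~01!') echo zip ;;
        'VimCrypt~02!') echo blowfish ;;
        'VimCrypt~03!') echo blowfish2 ;;
        'VimCrypt~04!') echo xchacha20 ;;
        'VimCrypt~05!') echo xchacha20v2 ;;
        *) echo plaintext ;;
    esac
}

check_secrets_file() {
    # Exit status: 0 = encrypted, 1 = weak or flawed method, 2 = no VimCrypt header.
    method=$(vimcrypt_method "$1")
    case "$method" in
        blowfish2|xchacha20|xchacha20v2)
            echo "OK: $1 ($method)"; return 0 ;;
        zip|blowfish)
            echo "WEAK: $1 uses $method; in vim run :setlocal cm=blowfish2 and :w"
            return 1 ;;
        *)
            echo "UNENCRYPTED: $1 has no VimCrypt header"; return 2 ;;
    esac
}

# Constructed samples (header bytes only, not real ciphertext), one per outcome.
demo_dir=$(mktemp -d)
printf 'VimCrypt~03!constructed-bytes' > "$demo_dir/secrets"
printf 'VimCrypt~01!constructed-bytes' > "$demo_dir/old-secrets"
printf 'example-site: example-password\n' > "$demo_dir/plain-notes"
for f in "$demo_dir"/*; do
    check_secrets_file "$f" || true
done
rm -rf "$demo_dir"
```

A file that was opened and saved by an editor without VimCrypt support, or saved after the key was cleared, shows up as UNENCRYPTED.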

NeoVIM

nvim DOES NOT support encryption

VIM modeline

You should definitely have modeline enabled in vim to use this nifty trick in encrypted files:

# vi: ft=text noswapfile bufhidden=wipe tw=0

It sets the file type to plain text, prevents Vim from creating a swapfile (we only want one single copy of the file), wipes out the file buffer once you switch to any other buffer, and lets you paste lines of any length without breaking the line.

Dropbox

If you don’t know what Dropbox is, you’ve been living under a rock for at least the past 10 years. If that’s the case, it allows you to synchronise your files between different devices. There are other solutions like it, and they all should work the same. You can use Google Drive, for instance.

The solution

  1. Simply create a vim-encrypted file in your Dropbox, e.g. ~/Dropbox/secrets (you can get a little more security via obfuscation and call the file “my-best-recipe” or something like this :) ).
  2. Ahem… there is no 2, that’s all it takes!

Other solutions

~You can write your passwords in your notebook~… Okay, okay, I will not talk nonsense here. Obviously, storing passwords in unencrypted form or on an easily accessible medium is a big no-no. What you can use, though, is a password manager. There are quite a few. The most popular ones are 1Password, LastPass, and Keeper. They do have a few advantages compared to the vim-encrypted file on your Dropbox (or Google Drive).

  1. You can share your passwords with others. This makes these password managers perfect for organisations.
  2. They usually offer browser plugins that will autofill passwords on login forms.
  3. You can use them on mobile devices to autofill forms, which is really hard to do with vim. What I do when I need to enter a password on my mobile is open up vim on my laptop and type the password on my phone. Letter-by-letter, symbol-by-symbol… On the other hand, I don’t do it an awful lot, as browsers can securely store your passwords too; all you need is to log in once to your Google (or whatever you use) account.

Pros

Your passwords are stored securely and you have full control (I hear somebody shouting that my passwords are stored on Dropbox servers too, but the same would be true if I were to use any password manager). You are not limited to a key-value store; you can add instructions, special notes, any text. And, of course, your secrets are now shared across your machines (very useful if you need to share your passwords between your personal and work laptops, for instance).

Cons

No autofill, no sharing option, and you have to type your passwords on mobile while having access to your PC/laptop.

Tips

Make the first 40 lines of your secrets file empty; this way you can always open it up even when other people are watching. On the first screen they will see only your modeline.