Vim is able to write files encrypted, and read them back. The encrypted text
cannot be read without the right key.
Note: The swapfile and text in memory is not encrypted. A system
administrator will be able to see your text while you are editing it.
When filtering text with ":!filter" or using ":w !command" the text is not
encrypted, this may reveal it to others.
WARNING: If you make a typo when entering the key and then write the file and
exit, the text will be lost!
The normal way to work with encryption, is to use the ":X" command, which will
ask you to enter a key. A following write command will use that key to
encrypt the file. If you later edit the same file, Vim will ask you to enter
a key. If you type the same key as that was used for writing, the text will
be readable again. If you use a wrong key, it will be a mess.
:X Prompt for an encryption key. The typing is done without showing the
actual text, so that someone looking at the display won't see it.
The typed key is stored in the 'key' option, which is used to encrypt
the file when it is written. The file will remain unchanged until you
write it. See also |-x|.
The value of the 'key' options is used when text is written. When the option
is not empty, the written file will be encrypted, using the value as the
encryption key. A magic number is prepended, so that Vim can recognize that
the file is encrypted.
To disable the encryption, reset the 'key' option to an empty value:
When reading a file that has been encrypted and this option is not empty, it
will be used for decryption. If the value is empty, you will be prompted to
enter the key. If you don't enter a key, the file is edited without being
If want to start reading a file that uses a different key, set the 'key'
option to an empty string, so that Vim will prompt for a new one. Don't use
the ":set" command to enter the value, other people can read the command over
Since the value of the 'key' option is supposed to be a secret, its value can
never be viewed. You should not set this option in a vimrc file.
An encrypted file can be recognized by the "file" command, if you add this
line to "/etc/magic", "/usr/share/misc/magic" or wherever your system has the
0 string VimCrypt~ Vim encrypted file