From a5ab7fcdbd012834f6e71ae8ad2f0534f9115fa3 Mon Sep 17 00:00:00 2001
From: tea <tea@tastytea.de>
Date: Fri, 12 Jul 2024 09:19:03 +0200
Subject: [PATCH] zsh: do not commit passwords to history

passwords are identified by their SHA256 hashes
---
 .config/zsh/.zshrc | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/.config/zsh/.zshrc b/.config/zsh/.zshrc
index fca8407..d354375 100644
--- a/.config/zsh/.zshrc
+++ b/.config/zsh/.zshrc
@@ -55,6 +55,20 @@ function _my_filter_secrets_zshaddhistory() {
 }
 add-zsh-hook zshaddhistory _my_filter_secrets_zshaddhistory
 
+# compute hash from line until and excluding first newline
+# reject if hash matches
+function _my_filter_secrets_hash_zshaddhistory() {
+    local hash=$(sha256sum <<< ${1%%$'\n'*})
+    hash=${hash%% *}
+
+    case ${hash} in
+        2e324cea58462bb08bacb6e9bb44b1e972c02ad919d58ed61dd89b01ab480b11)
+            return 1 ;;
+    esac
+    return 0
+}
+add-zsh-hook zshaddhistory _my_filter_secrets_hash_zshaddhistory
+
 ############################## Plugins #########################################
 
 # https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters.md