gpgedit asks for a passphrase, uses it to decrypt the contents of a file encrypted with GPG2 symmetric encryption to a temporary file and runs an editor program on the temporary file ($EDITOR by default but it can be, e.g., LibreOffice). Once the editor exits it has GPG2 put the contents of the temporary file in the original file encrypted with the original passphrase and deletes the temporary file. In other words, it implements a "with" pattern.
gpgedit is beta-quality software.
gpgedit [options] filename ...
options:
-editor value the editor to use <>
-ro read-only mode -- all changes will be discarded
-u change the passphrase for the file
-warn value warn if the editor exits after less than X seconds <0>
-- Forcibly stop option processing
-help Print this message
-? Print this message
Tcl 8.6.x, Tcllib, and GPG2.
sudo apt install tcl8.6 tcllib gnupg2sudo dnf install tcl tcllib gpg2sudo pkg install tcl86 tcllib gnupgsudo zypper in tcl tcllib gpg2sudo brew install tcl-tk gnupg2sudo port install tcllib gpg2
The passphrase is kept in the memory of the program's Tcl process in plain text while the file is edited. The passphrase can be extracted from the process's memory or the swap partition/file if it is swapped out. The decrypted contents of the file is stored in the default temporary directory (e.g., /tmp) where it can be accessed at minimum by other programs run by the same user while it is being edited. If your temporary directory is stored on disk and isn't encrypted the contents of the deleted temporary file could be recovered.
gpgedit doesn't work with multi-document editors.
MIT.