From time to time I need to edit sensitive files, for instance files that contain passwords or certificates. To avoid Vim leaking sensitive information, is there a way invoke Vim/Neovim so that Vim only touches the edited file during that invokation? No changes or creation of backup, swap, undo or other files?
To disable backup, undo and swap files as well as the backupcopy functionality, you can (un)set those option from the command line as follows:
vim +"set nobackup nowritebackup noundofile noswapfile viminfo=" a_sensitive_file
See :help 'backup', :help 'undofile', :help 'writebackup', :help 'swapfile' and :help 'viminfo' for reference and the options' implications. See :help -c for information on how to execute Ex commands from the command line (in this case, the :set command).
You may also be interested in :help encryption - not in the encryption feature itself - there are hints on how to edit files containing sensitive information.
You can create an alias for the command above or put them into a vimrc file, e.g. secure.vim and do
vim -u /path/to/secure.vim a_sensitive_file
This will :source only the options in secure.vim to initialize Vim (see :help -u). You may be left without your favorite colorscheme and plugins.
Disclaimers: