Merge tag 'v1.1.0' into develop

v1.1.0

CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog
 
-## [1.0.0] - 2017-02-19
+## v1.1.0 (2017-02-22) 
+
+### Changes
+
+- Allow multiple prefixes (#1)
+- Make the plugin more secure (#2)
+
+## v1.0.0 (2017-02-19)
 
 - Initial release

package.json

@@ -1,6 +1,6 @@
 {
  "name": "zazu-password",
- "version": "1.0.0",
+ "version": "1.1.0",
  "description": "Zazu plugin for generating passwords with ease.",
  "main": "zazu.js",
  "scripts": {

readme.md

@@ -14,6 +14,8 @@ Examples:
 
 You an copy the generated password by selecting it.
 
+Instead of `password` you can also use `pass` or `pwd` as prefix.
+
 ## Installing
 
 Add `jnstr/zazu-password` inside of `plugins` block of your `~/.zazurc.json` file.
@@ -41,6 +43,30 @@ The plugin defaults to an average password of 16 characters, but you can overrid
 }
 ```
 
+## Security
+
+Since all results that are displayed and returned by a Zazu plugin are stored in the log files, it's insecure to display and render the generated password in zazu. This is the reason why we don't show the generated password in the plugin. 
+The password is generated in the plugin but is never handled by Zazu which makes it more secure.
+
+If you really really want to see the generated password in zazu, you can add the "insecure" variable to the `~/.zazurc.json` file and set it to true.
+
+```json
+{
+ "plugins": [
+ {
+ "name": "jnstr/zazu-password",
+ "variables": {
+ "insecure": true
+ }
+ }
+ ]
+}
+```
+
+
 ## Screenshots
 
 ![Zazu password](./assets/screenshot.png)
+
+insecure password: 
+![Zazu password insecure](./assets/screenshot-insecure.png)

zazu.json

@@ -1,6 +1,6 @@
 {
  "name": "zazu-password",
- "version": "1.0.0",
+ "version": "1.1.0",
  "description": "Zazu plugin for generating passwords with ease.",
  "blocks": {
  "input": [