zsh (better) privacy setup

the problem#

Exposing the history of commandline inputs can expose sensitive informations to all programms which have access to it.

clean the history on the begining of workday (6:00) each day#

I like this approach because I use mutliple sessions over the day and dont want to lose commands I working with all the day. On linux you can use crontab but MacOS I will use launchd deamon.

first step: create sheduled job

Create sheduled job with the following snippet and place it ~/Library/LaunchAgents/com.example.job.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">

second step: create executable

Create a bash script /Users/{{username}}/scripts/clearhistory

rm ~/.zsh_history

third step: load job in daemon

launchctl load ~/Library/LaunchAgents/com.example.job.plist

This step has to be repeated each time you modified the file. To reload the file:

launchctl unload ~/Library/LaunchAgents/com.example.job.plist
launchctl load ~/Library/LaunchAgents/com.example.job.plist

manually start the job

launchctl start com.example.job

more informations

cleaning history session based#

We have two options to avoid history being saved after zsh session ends:

clear history after this session#

To disable history logging only for the current active session, execute this command at the beginning of the session:


clean history after all sessions#

In the ~/.zshrc change add this line:

# do not keep history after session ends

This will preserve the history while you stay in session, but delete it afterwards.

do not add commands to the history when prefixed#

We can simple activate this behavior by adding a line in: /etc/zshrc

# leading space commands will be ignored in history
setopt histignorespace