Suggestion: Honour password hint
Password managers like KeePassXC provide passwords with the x-kde-passwordManagerHint MIME type.
See their "Prevent Klipper from storing secrets in clipboard history" PR from 2018 implementing it for more details.
Windows and macOS have similar (more integrated) mechanisms to conceal such sensitive information from, e.g. system monitoring. On Linux and BSD, clipboard managers are suggested to ignore values of this type.
KDE Plasma's Klipper has ignored such clipboard values by default since 2018; their "Klipper: Do not insert secret data into history" seems to be the original idea/implementation.
CopyQ's FAQ explains how to follow this convention (opt-in).
KDE Connect has a pending "Don't sync clipboard when passwordhint is set" patch to honour the hint behind an opt-in toggle.
Previous clipman ideas/efforts in this direction try to protect sensitive information after it was stored:
- protect the on-disk history: #39 (closed) #48 (closed)
- timeout values, i.e. limit retention time: #25
- add new semantics/yet another API: !17
x-kde-passwordManagerHint would prevent clipman handling sensitive information in the first place.
So I'd like to propose doing so by default to provide both a secure default and simple implementation.
Password managers, at least KeePassXC, may already clear the clipboard (and selection) after a certain timeout.
If others agree, I'm happy to send a PR for this.
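A sketch of the check proposed above, added here as an illustration and not taken from clipman, Klipper or any patch: the history drops an offer before storing anything when it carries the hint. The `clip_format` and `history` types, the sample offers and the sample password are constructed for the example, and the `secret` payload is an assumption based on the value KeePassXC sets and Klipper compares against.

```c
#include <stddef.h>
#include <string.h>

#define HINT_TARGET "x-kde-passwordManagerHint"
#define HINT_SECRET "secret"   /* assumed payload of the hint target */
#define HISTORY_MAX 8

/* Hypothetical model of one format (target name + data) offered by the clipboard owner. */
struct clip_format { const char *target; const void *data; size_t len; };
struct history { const char *items[HISTORY_MAX]; size_t count; };

/* Constructed sample offers: a password manager copy and an ordinary text copy. */
static const struct clip_format password_offer[] = {
    { "text/plain", "hunter2-sample", 14 },
    { HINT_TARGET, "secret", 6 },
};
static const struct clip_format plain_offer[] = {
    { "text/plain", "meeting at 10", 13 },
};

/* Returns 1 when the offer carries the hint target with the "secret" payload. */
int offer_is_secret(const struct clip_format *fmts, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(fmts[i].target, HINT_TARGET) == 0 &&
            fmts[i].len == strlen(HINT_SECRET) &&
            memcmp(fmts[i].data, HINT_SECRET, fmts[i].len) == 0)
            return 1;
    return 0;
}

/* Called on every clipboard change; returns 1 if the text was stored. */
int history_on_change(struct history *h, const struct clip_format *fmts, size_t n)
{
    if (offer_is_secret(fmts, n))
        return 0;  /* checked first, so the value never reaches memory or disk history */
    for (size_t i = 0; i < n; i++)
        if (strcmp(fmts[i].target, "text/plain") == 0 && h->count < HISTORY_MAX) {
            h->items[h->count++] = fmts[i].data;
            return 1;
        }
    return 0;
}

/* Feeds both sample offers through the history and returns how many were kept. */
size_t demo_stored_count(void)
{
    struct history h = { { 0 }, 0 };
    history_on_change(&h, password_offer, 2);
    history_on_change(&h, plain_offer, 1);
    return h.count;
}
```

Because the hint is evaluated before the text target is read, the later measures listed above (encrypting the on-disk history, expiring entries) are not needed for hinted values.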