In my never-ending crusade to move as many functions as possible into Emacs, I’ve lately been dealing with functions that require a user name and password. For example, part of the mbsync configuration that downloads my emails requires a user name and password. Similarly, org2blog/wp needs the password for my blog.
Here at Irreal, we’ve settled on two strategies:
- Putting the credentials in the .authinfo file
  This method has the benefit that you can get at the credentials with Elisp. This makes it easy to make passwords and other credentials available to your Emacs configuration without having them displayed in plain text. Take a look at the auth-source info documentation and auth-source.el to see what’s available. Sadly, not all the functions are documented, so you may have to look at the code. See the Blogging section of Arjen Wiersma’s configuration for an example of using the auth-source package with org2blog/wp.
- Putting credentials in the macOS keychain
  Obviously, this is Mac specific, but the other OSes have similar functionality. This method is useful when you need to get at the credentials from outside Emacs. For example, my mbsync configuration retrieves the password for the Apple IMAP server from the Mac keychain because Elisp isn’t available to mbsync. Aria Fallah has an excellent post on how to access the Mac keychain. If you’re running on macOS, you need to give it a read.
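
To make the first strategy concrete, here is an added example (not code from this post or from Arjen Wiersma’s configuration) that looks up a login and password through auth-source so nothing sensitive sits in the init file. The `my/` function names, the host `blog.example.com`, the user `alice` and the password string are constructed for the demonstration.

```elisp
;;; Added example: fetch credentials via auth-source instead of hard-coding them.
(require 'auth-source)

(defun my/authinfo-credentials (host &optional user)
  "Return (LOGIN . PASSWORD) for HOST, optionally restricted to USER.
Searches the files listed in `auth-sources' and signals an error when
no entry carries both a login and a secret."
  (let* ((spec (append (list :host host
                             :max 1
                             ;; Skip entries that lack a login or a password.
                             :require '(:user :secret))
                       (when user (list :user user))))
         (entry (car (apply #'auth-source-search spec))))
    (unless entry
      (user-error "No auth-source entry with login and password for %s" host))
    (let ((secret (plist-get entry :secret)))
      (cons (plist-get entry :user)
            ;; auth-source usually hands the secret back as a closure;
            ;; call it only at the point where the password is needed.
            (if (functionp secret) (funcall secret) secret)))))

(defun my/authinfo-demo ()
  "Run `my/authinfo-credentials' against a constructed netrc-format file.
The file holds sample values only and is deleted afterwards."
  (let* ((file (make-temp-file "authinfo-demo"))
         ;; Point auth-source at the sample file instead of ~/.authinfo.
         (auth-sources (list file))
         ;; Do not keep the sample entry in the auth-source cache.
         (auth-source-do-cache nil))
    (unwind-protect
        (progn
          (with-temp-file file
            ;; Same line format as a real ~/.authinfo entry.
            (insert "machine blog.example.com login alice "
                    "password not-a-real-secret\n"))
          (my/authinfo-credentials "blog.example.com" "alice"))
      (delete-file file))))
```

Evaluating `(my/authinfo-demo)` returns the login and password as a cons cell. The default value of `auth-sources` also includes `~/.authinfo.gpg`, so the same lookup works unchanged when the file is kept GPG-encrypted on disk.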
Lately, I’ve been working on bringing Gmail under the mu4e umbrella. Gmail really wants you to use OAuth2 to authenticate, and they make it pretty easy to set up an account to get the tokens, but it’s really hard to see how to integrate it into mbsync. There’s some Python code on the Web that I think I can have mbsync call to do the OAuth2, but as far as I can tell, most mbsync users simply turn off the OAuth2 authentication to get things working.
That’s not ideal but isn’t a worry for me because I use Gmail only for mailing lists. Still, it would be nice to find a reasonable solution using OAuth2.