by federicotdn 2812 days ago
Not completely related, but I have a question regarding Emacs and email:

Is there a way to read/write emails on Emacs, without having any emails or credentials stored locally as plaintext? I'm heavily prioritizing ease of configuration and security over speed or other additional features.

6 comments

I wrote a small program to do exactly this on OSX and Linux (Gnome):

https://github.com/thejefflarson/getpasswd

It accesses the OS keychain to get the right password. I don't use offlineimap -- I use mbsync instead which has a PassCmd option where you can pass in a shell command (e.g. getpasswd <imap-server> <imap-user>). And another tool to add passwords to the GNOME Keychain:

https://github.com/thejefflarson/setpasswd

Adding passwords to the OSX keychain is easy enough, but I found it fiddly in Gnome's GUI. YMMV.

Sure. Although the documentation doesn't make it explicit, your .authinfo file can have a gpg extension and Emacs will encrypt and decrypt it for you using gpg automatically.

Sure, you sync them locally with e.g. offlineimap, and specify a "remotepasseval" key in your config which can invoke a command that invokes whatever password manager you use, same for sending.

I don't do this and just keep my password in plain-text and use full-disk-encryption, because I don't want to have to be constantly unlocking a keyring to have some background E-Mail syncing job work.

I don't know if the others use it but Gnus can read credentials from an .authinfo.gpg file.

https://www.gnu.org/software/emacs/manual/html_node/auth/Gnu...

That's what I do actually: https://www.emacswiki.org/emacs/GnusAuthinfo

When I set it up with gmail though, I think you either need a 2fa token (which requires 2fa on gmail) or tick "allow unsafe apps" in the admin panel, otherwise you get rejected by gmail. I'm sorry I don't have much info, it's already been a few months since I set it up. However, if anyone's struggling, I'll be glad to help ;)

The actual reading of email with mu is about what's on disk. Using offlineimap is just a common configuration, and in its configuration you can specify a function, so if you wanted it to prompt you for a password whenever you get mail, you could do that. You could also just have Postfix deliver mail to your directory, then just have mu4e run the mu index command periodically to find new mail.

As for the writing of mail, it culminates in running some kind of sendmail program on your message. If you have sendmail or postfix set up locally to forward mail up to another server, you already don't need to have a password set up in Emacs. But you could also make that program do whatever you want, it just needs to be a binary that accepts certain arguments (or an emacs function that operates on the file).

If you save the passwords in a gpg-encrypted file, emacs prompts you for the password to the file when needed.

Otherwise, password-read or something like that.
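
Added example, not part of the original thread: a Python helper that ties together the .authinfo.gpg, remotepasseval and PassCmd suggestions above by decrypting the file with gpg at sync time and returning one entry's password, so nothing is stored in plaintext. The path `~/.authinfo.gpg`, the function names and the script name are assumptions, and the sample entries are constructed.

```python
import os
import shlex
import subprocess
import sys

AUTHINFO = os.path.expanduser("~/.authinfo.gpg")  # assumed location
# Constructed sample of decrypted file contents; not real credentials.
SAMPLE = '''# mail accounts
machine imap.example.org login alice port 993 password "s3cret with space"
machine smtp.example.org login alice password other
machine broken.example.org login
'''

def parse_authinfo(text):
    """Parse netrc-style "key value ..." lines into a list of dicts."""
    entries = []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # comment line
        try:
            tokens = shlex.split(line)  # honours "quoted values"
        except ValueError:
            continue  # unbalanced quote: skip rather than guess
        if tokens and len(tokens) % 2 == 0:  # odd count: a key lacks a value
            entries.append(dict(zip(tokens[0::2], tokens[1::2])))
    return entries

def find_password(entries, machine, login, port=None):
    """Return the first matching password, or None if nothing matches."""
    for e in entries:
        if e.get("machine") != machine or e.get("login") != login:
            continue
        # An entry without a port matches any port; otherwise it must agree.
        if port is not None and "port" in e and e["port"] != str(port):
            continue
        return e.get("password")
    return None

def get_pass(machine, login, port=None, path=AUTHINFO):
    """Decrypt with gpg (gpg-agent supplies the passphrase) and look up."""
    out = subprocess.run(["gpg", "--quiet", "--batch", "--decrypt", path],
                         check=True, capture_output=True, text=True).stdout
    return find_password(parse_authinfo(out), machine, login, port)

if __name__ == "__main__":
    # Usage (hypothetical script name): authinfo_pass.py HOST USER [PORT]
    password = get_pass(*sys.argv[1:4])
    if password is None:
        sys.exit("no matching authinfo entry")
    print(password)
```

Run as a script it prints only the password, which is the shape mbsync's PassCmd expects; `get_pass` can also be called from the Python file that offlineimap's remotepasseval evaluates.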