[kecebongsoft]

While this is awesome, I am one of those guys who feel uncomfortable to store my raw password in a dotfile, not to mention I'm managing my dotfiles in Github, authentication in every run doesn't seem convenient either. I see that this happens in other places such as Github gists-terminal and some twitter-terminal clients. Is there any way we can store these credentials locally in a safer way like SSH keys?.

[dmmalam]

OSX has keychain which is designed for these scenarios.

http://www.dribin.org/dave/blog/archives/2006/01/16/keychain...

https://developer.apple.com/library/mac/#documentation/Secur...

[chimeracoder]

Several Linux tools for this purpose have existed for a while as well - gnome-keyring (now seahorse)[1], KWallet, etc.

[1] https://wiki.archlinux.org/index.php/GNOME_Keyring

[donniezazen]

It came to my notice a few days ago that Gnome stored my Google Password in Gnome Keyring as simple text.

[chimeracoder]

How did you come to this conclusion? If you've found a bug, please file a ticket.

Gnome keyring definitely uses encryption to store passwords; they take security pretty seriously: https://live.gnome.org/GnomeKeyring/SecurityPhilosophy

[kecebongsoft]

I think what he meant was seahorse. I just tried it out and I can see my raw passwords by clicking properties and ticking 'Show Password'. Shocked as well, not to mention seahorse is launched without asking my password.

[chimeracoder]

> I can see my raw passwords by clicking properties and ticking 'Show Password'.

As opposed to what? They need to have access to the plaintext passwords somewhere; it's just encrypted when it's stored on disk.

> Shocked as well, not to mention seahorse is launched without asking my password.

The default keychain uses your login password, and it's unlocked at login. This is easy to change if you want to have to unlock it every time you use it.

[binarycrusader]

This isn't shocking; Mac OS X will also happily show you your passwords. It stores them encrypted, then decrypts them for you after your keychain is unlocked.

[morpher]

For a nice gpg-encrypted password store, see "pass": http://zx2c4.com/projects/password-store/

Many programs that require passwords (e.g., mutt, offlineimap, msmtp) let you specify a command to retrieve the password, which is really easy using pass.