Passwords on OS X via security

Paul W. Rankin hello at
Thu Nov 13 04:44:08 GMT 2014

Lucien Pullen <drurowin at> writes:

> Also sprach Paul W. Rankin on 2014-11-12:
>> I'd love to use an "elegant one-liner" (i.e. no pythonfile) to retrive
>> my account password, which is stored in a local OS X keychain.
> With using a .py, you'd call "import keyring", then "remotepasseval =
> keyring.get_password(item-name, account)" in your offlineimaprc.  You
> might try an anonymous function that performs the import, then
> get_password().  But I don't know Python, so that may or may not work.

This doesn't appear to be an option for me; I wrote a quick test:
 => ImportError: No module named keyring

>> [Repository Remote]
>> type = IMAP
>> remotehost =
>> remoteuser = user at
>> remotepasseval = `security find-generic-password -a user at -s -w`
>> [snip]
> Are you calling this while you are the active user (the one logged in
> via LoginWindow)? If you aren't the active user (SSH, `su`, etc.), you
> need to first unlock the keychain using the `unlock-keychain'
> subcommand.  There's also a way to add offlineimap as the owner of a
> keychain item, which, if I recall correctly, doesn't require you to
> unlock it. (If you create the item from offlineimap, that counts.)

The keychain is already unlocked and accessible. Within Keychain, `security` is listed as "Always allow access by these
applications:". I have the very same line in my ~/.authinfo for using
smtpmail-send-it to avoid typing a gpg password when sending mail:

machine login userrnkn at password `security find-generic-password -s -a user at -w` port 465

That works without a hitch (with real values), so I assumed the problem
has to be in the way offlineimap reads .offlineimaprc

Paul W. Rankin

More information about the OfflineIMAP-project mailing list