Passwords on OS X via security

Nicolas Sebrecht nicolas.s-dev at
Thu Nov 13 12:44:22 GMT 2014

On Thu, Nov 13, 2014 at 06:25:32PM +1000, Paul W. Rankin wrote:
> "Paul W. Rankin" <hello at> writes:
> > The keychain is already unlocked and accessible. Within Keychain
> >, `security` is listed as "Always allow access by these
> > applications:". I have the very same line in my ~/.authinfo for using
> > smtpmail-send-it to avoid typing a gpg password when sending mail:
> >
> > machine login userrnkn at password `security
> > find-generic-password -s -a user at -w` port
> > 465
> >
> > That works without a hitch (with real values), so I assumed the problem
> > has to be in the way offlineimap reads .offlineimaprc
> Ah sorry! This does NOT work without a hitch. It does not work at all.
> So my issue is with shell argument substitution in general, not with
> offlineimap.
> But if anyone knows how to achieve this...?

If OfflineIMAP could execute shell commands or do shell substitutions in
offlineimaprc I would expect this to be a bug. In OfflineIMAP,
ConfigParser() is wrapped in the CustomConfigParser() class. See

for details.

The right way is to write your own python code in a lambda function as
Lucien already said. I guess all options can be replaced by python code.

I don't know enough about keyring and your configuration to give you the
exact python lines of code. But trying to retrieve the password from
shell command as-is is wrong, for sure.

Now, if you really want to use a shell command instead of pure python
code you could call your shell command from python with a call like
Popen(). See

for details.

I would encourage you to try something like that in a python session:

  % python
  >>> import subprocess
  >>> import shlex
  >>> # communicate() waits for the command and returns (stdout, stderr)
  >>> subprocess.Popen(shlex.split('ls /'), stdout=subprocess.PIPE).communicate()[0]

which returns a string 'str' as expected in offlineimaprc.

Good luck! ,-)

Nicolas Sebrecht
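
The approach described in this message, written out as an added example (not part of the original message and not OfflineIMAP's own code): a helper that runs `security find-generic-password` from Python without a shell and returns the password as a string. The file name, the function names, the example service and account, and the `FakeSecurity` stand-in are assumptions made for illustration; `pythonfile` and `remotepasseval` are the OfflineIMAP options that load and call such a helper.

```python
# ~/.offlineimap.py (hypothetical name), loaded via "pythonfile" in [general];
# the repository section then uses:
#   remotepasseval = get_keychain_pass("imap.example.org", "paul")
import subprocess

SECURITY_BIN = "/usr/bin/security"  # absolute path, so $PATH cannot redirect it


def keychain_argv(service, account):
    """Build the argument list for `security`; no shell ever parses it."""
    for label, value in (("service", service), ("account", account)):
        # Reject empty values and anything `security` could read as an option.
        if not value or value.startswith("-") or "\0" in value:
            raise ValueError("unsafe %s name: %r" % (label, value))
    return [SECURITY_BIN, "find-generic-password",
            "-s", service, "-a", account, "-w"]


def get_keychain_pass(service, account, popen=subprocess.Popen):
    """Return the stored password as a string, or raise if the lookup fails."""
    proc = popen(keychain_argv(service, account),
                 stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, _err = proc.communicate()
    if proc.returncode != 0:
        # Report only the exit status; never echo command output into logs.
        raise RuntimeError("keychain lookup failed (exit %d)" % proc.returncode)
    if not isinstance(out, str):
        out = out.decode("utf-8")  # Python 3 pipes yield bytes
    return out.rstrip("\r\n")  # -w prints the secret followed by a newline


class FakeSecurity(object):
    """Constructed stand-in for Popen so this runs without a real keychain."""
    def __init__(self, argv, stdout=None, stderr=None):
        found = argv[3] == "imap.example.org"  # the only "stored" item
        self.returncode = 0 if found else 44
        self._out = b"constructed-secret\n" if found else b""

    def communicate(self):
        return self._out, b""
```

Passing the arguments as a list keeps the service and account names out of any shell parsing, and a failed lookup raises instead of handing OfflineIMAP an empty password.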
