February 19, 2013

mutt & Keychain.app


I recently decided to give mutt a try. The lack of an updated GPGMail for Mountain Lion (donating to receive a beta version that might never get released? No thanks), and the instability of Thunderbird made me look for an flexible mail client with good GPG support.

This is not a review of mutt, though. I haven’t used it long enough to decide. All I wanted to point out is that the horribly ugly hacks for using password stored in the OS X Keychain in mutt are not necessary anymore: security, the command-line interface to Keychain, has a -w flag since Mountain Lion, to print just the password and nothing else.

See here for how that works in ~/.muttrc:

set imap_pass = `security find-internet-password -g -a "johndoe" -s "example.com" -r "imap" -w`
set smtp_pass = `security find-internet-password -g -a "johndoe" -s "example.com" -r "smtp" -w`

Also new here: it will check for passwords matching the username, hostname and server type (so IMAP or SMTP), which are all set if you used Mail.app before.

Security concerns

Note that the passwords are retrieved on launch, so starting mutt will give you two Keychain prompts. Unless of course if you give security “Always allow” access to the passwords, but realize that this gives any application which is able to exec security the possiblity to obtain the passwords.

The passwords will be in plain in mutt’s RAM as long as it is running.