Usually people set their Emacs credentials on a possible encrypted .authfile. If your system uses the secret service for managing secrets, using it is a better alternative.

To create the SMTP secret run inside Emacs:

(secrets-create-item "default" "smtp" "PASSWORD"
           :user "[email protected]"
           :host "UPSTREAM_IP"
           :port "UPSTREAM_PORT")

where host and port correspond to your email provider.

To use the recently created secret, add to your email configuration

(autoload 'secrets-get-attribute "secrets")

(setq smtpmail-smtp-server (secrets-get-attribute "default" "smtp" :host)
        smtpmail-smtp-user (secrets-get-attribute "default" "smtp" :user)
        smtpmail-smtp-service (secrets-get-attribute "default" "smtp" :port))

Additionally, for mbsync you can just add

PassCmd "secret-tool lookup user [email protected]"

to ~/.mbsyncrc to retrieve the secret, which is cleaner than the .authfile.gpg solution.

Offlineimap users can use the keyring package to store their secrets, but since python2 is deprecated, in some Linux distributions the python2 version bundled with offlineimap won’t be able to load external packages.


  1. Secret-Service-API