auth-source: getting my secrets out of my emacs init file

I do not reveal my emacs init file publicly because it has secrets in it. For passwords (particularly for various APIs), and decryption keys in it.

But, the other day I discovered auth-source.   I used in this example to launch my IRC setup:

(defun start-erc ()
  "Wrapper for ERC that get's password via auth-source."
  (interactive)
  (let* ((server (erc-compute-server))
         (port (erc-compute-port))
         (credentials (auth-source-search :host server 
                                          :port (format "%s" port)
                                          :max-tokens 1)))
    (cond
     (credentials
      (erc :password (funcall (plist-get (car credentials) :secret))))
     (t
      (message "auth-source-search failed to find necessary credentials for irc server")))))

Auth-source-search will find my credentials in ~/.authinfo.gpg.  A line there like that looks like this: “machine irc.example.org port 12345 login luser password aPasWurd“.

Curious about hard it would be to fold that directly into the M-x erc</code> I read enough code to discover it calls thru to a function which does in fact call auth-source-search; so you can revise my function like so:

(defun start-erc ()
  "Start erc computing all the default connection details, which might get the password via auth-source."
  (interactive)
  (let ((password? nil))
    (erc-open (erc-compute-server)
              (erc-compute-port)
              (erc-compute-nick)
              (erc-compute-full-name)
              t  ;; connect
              password?))

I'm delighted.  But it, looks like this facility isn't used as much as I'd expect.

I found it because the helm-delicious package advised using it for my delicious password.

I was making good progress getting all my secrets out of the init file by have a function that would load all the secrets on demand loading an encrypted elisp file (load "secrets.el.gpg"). That works nicely too.

Maybe I should go read up on the secret storage scheme of vree desktop.

2 thoughts on “auth-source: getting my secrets out of my emacs init file

  1. Pingback: Configure jabber without writing password in plain text | XL-UAT

  2. Pingback: Configure jabber without writing password in plain text | DL-UAT

Leave a Reply

Your email address will not be published.