Safe-keeping passwords used in ad-hoc scripts
When I need to send small batches of customized emails, I use Craig Kerstiens' and Will Leinweber's Ruby trick.
I've added an additional small hack to this trick that I've used several times: Storing and retrieving passwords in the Mac OSX keychain with minimal pain.
If you read through Craig's post and the code, you'll see that you need to pass in your GMail password. I care deeply about protecting access to my GMail account, so I don't just paste passwords into code or other random files stored on my hard drive. To keep things as secure as possible, I do the following:
- Turn on two-factor for GMail
- Now you cannot use your primary password for scripts like this. Instead I generate a per-application password. (click on "App passwords" on Security settings).