If you want to keep your secrets secret, it is a good idea to encrypt your data; I usually do that for files with passwords for various services, banking data, and so on. Since version 23, Emacs includes a package called EasyPG (an interface to GnuPG) which makes this seamless – just make sure that you have GnuPG installed.
It's easy to use EasyPG – the only thing you need to do is add the .gpg extension to your files, and EasyPG will automatically encrypt/decrypt them when writing/reading. So, for example, to create an encrypted file, simply visit (C-x C-f) a file with a name like myfile.org.gpg; Emacs opens this in Org-Mode (just like any .org file). When you want to save the file, Emacs will ask you for a password, and with this same password, you can open it again. Don't forget that password!
You can store any kind of secret data in your encrypted files. One type I find particularly useful is to store account data (user names, passwords) for various services there. For example, I use the emacs identi.ca-mode client, which gets its account data through variables. I do not want to put this information in my main .emacs file for safety reasons, but instead put it in an encrypted file, together with the account data for other services (mail, twitter etc.). Emacs' require does not understand encrypted files, but load-library does. To deal with that, I have two files, secrets.el.gpg (in my
;; secrets.el
(load-library "secrets.el.gpg")
(provide 'secrets)

;; secrets.el.gpg
(setq identica-username "djcb"
      identica-password "$ekr3t")
;; ... other passwords ...
Now, in my .emacs I have a function for various services, like:

(defun start-identica ()
  (interactive)
  (require 'secrets)
  (identica-friends-timeline))
This will prompt me for the password, but only if I use anything that requires the secret data, and only once per session.
Update: as Richard notes in the comments, you can also use require by explicitly specifying the filename (parameter two). That might actually be easier -- thanks Richard!
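The require variant from the update, written out as an added example (not code from the original post): the encrypted file provides the feature itself, so the plain secrets.el wrapper is no longer needed. The helper names my-load-secrets and my-define-secret-command are hypothetical, and the account values are the sample ones used above.

```elisp
;; --- secrets.el.gpg (encrypted by EasyPG when saved) ----------------
;; Sample values. The file must provide the feature itself, otherwise
;; `require' signals an error after loading it.
(setq identica-username "djcb"
      identica-password "$ekr3t")
(provide 'secrets)

;; --- .emacs ---------------------------------------------------------
(defun my-load-secrets ()
  "Load secrets.el.gpg from `load-path', at most once per session.
Hypothetical helper: reports a failed decryption or a missing file
as a `user-error' instead of a backtrace."
  (unless (featurep 'secrets)
    (condition-case err
        ;; Second argument: explicit file name to load for the feature.
        (require 'secrets "secrets.el.gpg")
      (error
       (user-error "Could not load secrets: %s"
                   (error-message-string err))))))

(defmacro my-define-secret-command (name &rest body)
  "Define interactive command NAME that loads the secrets, then runs BODY."
  (declare (indent 1))
  `(defun ,name ()
     (interactive)
     (my-load-secrets)
     ,@body))

;; Same behaviour as start-identica above: the passphrase prompt only
;; appears when a command that needs the secrets is first used.
(my-define-secret-command start-identica
  (identica-friends-timeline))
```

Once loaded, the values stay in ordinary global variables for the rest of the session, so any Lisp code running in that Emacs can read them.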
using public keys
;; 'silent to use symmetric encryption
;; nil to ask for users unless specified
;; t to always ask for a user
(setq epa-file-select-keys t)
The 'users' in this snippet are the people in your GnuPG-keyring – EasyPG lists your keyring inhabitants, allowing for easy selection. You can also specify the people who can decrypt your file by putting something like the following at the beginning of the file you want to encrypt.
# -*- epa-file-encrypt-to: ("email@example.com") -*-
EasyPG brings more functionality for encryption, decryption, signing, managing your keyring and so on, but I haven't used that much yet. Anyhow, the automatic support for reading/writing files is really nice.