I’d like to setup an app qubes to read my mail, with my previous setup on an other OS I was using mbsync + dovecot + emacs.
Only problem I have is that I don’t know how to fetch password programatically from the vault qube which contains a keepassxc instance where all my passwords are, and pass it to mbsync.
Before I’d just use the secret service integration and have something like this in mbsyncrc:
PassCmd "secret-tool lookup account <myaccount>"
Only examples I’ve seen so far with qubes involve the user manually copying in and out the password from one qube to the other. Which gets old very quickly when you have 5+ emails accounts.
It would only be possible to script something based on keepassxc when using it in CLI which would require typing the password everytime or having a security token with a configured challenge response like a yubikey.
If you can use a software more script friendly like pass which would require unlocking your gpg key once, you could call a qubes rpc script to retrieve the output of a command in vault from your mail qube