I use Mutt, the lesser sucky email client according to its author, on OSX. To access imap, one needs to specify imap_pass in .muttrc. To avoid storing email password in plain text, I used security command in OSX to create and later retrieve it.
$ security add-generic-password -a messagingengine -s foo@fastmail.com -w foo-password
This command creates a generic password “foo-password”. In reality, I suggest using email address for account (-a) and mail server address for service (-s). Open Keychain Access tool on mac and search for the new generic password (an application password) and see that it has been created.
I use find-generic-password to retrieve the password from keychain and awk to parse it as such:
$ security find-generic-password -g -a z@zlu.me 2>&1 | awk '/^password: \"(.*)\"/{print $2}'
The -g flag shows the password in stdout. awk regex the output and prints the value of password.
And to apply this in .muttrc
imap_pass = `security find-generic-password -g -a z@zlu.me 2>&1 | awk '/^password: \"(.*)\"/{print $2}'`