Eli Zaretskii writes: > Thanks. So it sounds like you are asking for a feature that currently > doesn't exist, AFAIU. I'm not sure I'd classify it as a new feature. An existing interface is broken under some conditions. > I added a couple of people to this discussion who were involved with > auth-source-pass, in the hope that they will have suggestions and > comments. Thank you. Now, onto why I don't think this is a new feature: Here's an example auth-source-search invocation that can demonstrate the problem (assuming that the user has these a dev.gentoo.org secret on port imaps with user arsen): (auth-info-password (car (auth-source-search :host "dev.gentoo.org" :port "imaps" :user "arsen"))) Following M-x epa-file-disable RET M-x auth-source-forget-all-cached RET the above returns an encrypted string rather than its actual password. This means that a current feature (auth-source-search) breaks under some conditions. I've worked out a fix, tested with the following: (require 'auth-source-pass) (setq auth-sources '(password-store)) (auth-info-password (car (auth-source-search :host "dev.gentoo.org" :port "imaps" :user "arsen"))) I've attached the patch, though it lacks a regression test. The reason for this is that I want to spare the auth-source-pass developers some triage, and that there's currently no regression tests for --read-entry.