I feel compelled to revive this old (almost 10 years!) thread because I’m faced with a similar problem and certain points seem unresolved.
Assuming that one needs the actual password in the image (in my case to authenticate via IMAP), Norbert’s suggestion to have a helper app that runs with elevated privileges makes sense, but I’m wondering about a few other comments:

* Sven mentioned that it’s common to have sensitive info “lying around” on the filesystem, with .ssh being an example. However, my (non-expert) understanding is that the best practice to add a passphrase to one’s private key protects against just such situations as we consider here, no?
* There seems to be a hard distinction drawn between memory and disk storage. However, this being Smalltalk, this seems only to be the case if the image is guaranteed never to be saved, otherwise its memory, including any plaintext sensitive information, would end up on disk. As I was thinking through my use case, I was considering, for example, storing the password in a non-string collection e.g. ByteArray, so that I could use the password and zero it out in memory right afterward.