How long does oama cache the access token for a particular account?

[fenneltheloon]

Wondering if it's timed or clears on reboot.
My GPG key is password protected, and it doesn't seem like there is an option to pass that to oama in any way. I'm trying to get this to work as part of a system notification daemon, so manually entering my GPGkey passphrase every time an email is triggered to send is not possible.

What should I be doing?

[pdobsan]

Wondering if it's timed or clears on reboot.

An access token is issued with an expiry date. You can see that by trying: oama renew ***@***.*** or oama show ***@***.*** That shows the contents of the encrypted ***@***.*** file, "cache" if you like. That file is eternal, updated only by oama using gpg for encryption/decryption, it is not cleared by reboot. When you issue oama access ***@***.*** oama returns the access token if it is still valid, otherwise oama obtains a new access token then stores the new token encrypted and returns it.

My GPG key is password protected, and it doesn't seem like there is an option to pass that to oama in any way.

No there is no such option neither it should be. oama just assumes that when it calls gpg gpg can access your open private key querying gpg-agent. So gpg-agent should be running, started at boot/login time when you need to enter your passphrase for your private key only once for the whole session.

What should I be doing?

Read up on gpg and, in particular, gpg-agent. Should you choose the KEYRING backend, the operational flow is the same in principle however the keyring usually is opened automatically at login.