I'd like to use git send-mail to submit patches upstream, but my gmail account is using two factor authentication. Google provides app specific passwords for things like this, but my question is where is a secure place to store this password for use with git send-mail?
Turns out git has a credential store. Linux, OS X, and Windows all have credential helpers that can collect credentials from the OS's keyring. This answer has a few examples.
If you'd rather have the patch saved to your drafts folder so you can review it before sending (or just so that Gmail tracks the thread better), you can do the following:
git config --global imap.host imaps://imap.gmail.com
git config --global imap.user your.email@gmail.com
git config --global imap.port 993
git config --global imap.sslverify false
git config --global imap.folder [Gmail]/Drafts
git format-patch --stdout | git imap-send
git-credential support for git-imap-send has been available since git 2.1.0.