This is a simple TOTP (Time-based One-time Password) CLI tool. TOTP is the most common mechanism for 2FA (Two-Factor-Authentication). You can manage and organize your accounts with namespaces and protect your data with a password.
Download the latest version of the application from the releases page.
Users on macOS can also install the package using MacPorts:
sudo port selfupdate sudo port install totp-cli
$ totp-cli update
$ totp-cli help add-token [namespace] [account] Add new token change-password Change password generate <namespace> <account> Generate a specific OTP import <input-file> Import tokens from a yaml file. instant Generate an OTP from TOTP_TOKEN or stdin without the Storage backend version Print current version of this application delete <namespace> [account] Delete an account or a whole namespace dump Dump all available namespaces or accounts under a namespace list [namespace] List all available namespaces or accounts under a namespace update Check and update totp-cli itself help [command] Display this help or a command specific help
When you run the application for the first time, it will ask for your password. DO NOT FORGET IT! There is no way to recover your password if you forget it.
Your first command (after
help) would be
add-token. You get get
your token read a TOTP QR Code.
$ totp-cli add-token Namespace: personal Account: digitalocean Token: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Password: ***
You can specify the namespace and the account name as a parameter:
$ totp-cli add-token personal randomaccount Token: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Password: ***
If you want to delete
randomaccount (because it was a test for example),
you can use
$ totp-cli delete personal.randomaccount Password: *** You want to delete 'personal.randomaccount' account. Are you sure? yes
After few accounts, it's a bit hard to remember what did you added, so you can list namespaces:
$ totp-cli list Password: *** company1 (Number of accounts: 3) company2 (Number of accounts: 5) personal (Number of accounts: 8)
or you can list your accounts under a specific namespace:
$ totp-cli list personal Password: *** personal.evernote personal.google personal.github personal.ifttt personal.digitalocean personal.dropbox personal.facebook
If you want to change your password,
you can do it with the
Simply put this into your
Or call the client with
$ TOTP_CLI_CREDENTIAL_FILE=/mnt/mydrive/totp-credentials totp-cli list
Note: It's a filename not just a directory.
Note: It does not traverse through the given path, parent directory has to be there already.
You can import tokens from a YAML file. The syntax is the same as the output of
- name: ns1 accounts: - name: acc1 token: updatedtoken - name: acc2 token: mytoken - name: acc3 token: tokenish - name: ns2 accounts: - name: acc1 token: token
If a token already exists, it will ask you if you want to overwrite it or not.
$ tot-cli import list.yaml
A function to provide tab-completion for zsh is in the file
When installing or packaging totp-cli this should preferably be
$prefix/share/zsh/site-functions. Otherwise, it can be
installed by copying to a directory where zsh searches for completion
$fpath array). If you, for example, put all completion
functions into the folder
~/.zsh/completions you must add the
following to your zsh main config file (
fpath=( ~/.zsh/completions $fpath ) autoload -U compinit compinit