Simple CLI for managing and generating OTPs for your various accounts. <100 lines of Bash script.
I just wanted a simple shell script to manage time-based OTPs and copy them to the clipboard instead of having to fuss with Google Authenticator or FreeOTP. It encrypts and signs OTP secret keys using GnuPG before storing them to disk. Easy! 😎
Need something fancier? Check out pass-otp.
- If you don't have them already, install oathtool and GnuPG. e.g. on Fedora/RHEL/CentOS do:

      dnf install oathtool gnupg2

- It's a bash script, just use it!

      $ otp -a
      Enter nickname (e.g. a domain name) for this key: example.com
      Enter OTP secret key value: sqod lqls ogws vykm 4o66 mbmi wtcq ae2p
      $ otp example.com
      888381
      (Copied to clipboard. Expires in 27 seconds)
      $ otp
      Syntax:
      otp [nickname]
      Stored OTP keys:
      example.com
      To add a new OTP key:
      otp -a

It's a shell script, easy to customize. For example, by default it stores encrypted keys in ~/.config/oath (or whatever $XDG_CONFIG_HOME is set to, if it's not ~/.config) but you can change that.

Using oathtool, there's currently no way to pass the secret key except as a command-line parameter. So, it will show briefly in the process table – in /proc and via top, ps etc. See this thread for a longer explanation. If you're on a multiuser system this risk may concern you. One way to mitigate it: the Linux kernel has the hidepid mount option, so you can hide processes from other users by mounting /proc with the hidepid=2 mount option.

Otherwise, the script is written with the goal of minimizing potential exposure of secret keys. Contributions/improvements are welcome.
Please!
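
To check whether the hidepid mitigation described above is in effect on a machine, the following added example (not part of the otp script) reads the mount table and reports the setting. The function names `proc_hidepid` and `argv_hidden` are made up for this sketch; it accepts both the numeric values and the named values that newer kernels print.

```shell
#!/bin/sh
# Added example, not part of otp: report whether /proc is mounted so that
# other users cannot see the command line (and the secret) given to oathtool.

# Print the hidepid value of the /proc mount listed in a mounts table
# (default: the live one). Prints 0, the kernel default, when the option
# is absent. If /proc is listed more than once, the last entry wins.
proc_hidepid() {
    hp_value=0
    while read -r _dev hp_mnt hp_type hp_opts _rest; do
        [ "$hp_mnt" = /proc ] && [ "$hp_type" = proc ] || continue
        case ",$hp_opts," in
            *,hidepid=*) hp_v=${hp_opts##*hidepid=}; hp_value=${hp_v%%,*} ;;
            *)           hp_value=0 ;;
        esac
    done < "${1:-/proc/self/mounts}"
    printf '%s\n' "$hp_value"
}

# Succeed when the given hidepid value keeps other unprivileged users from
# reading /proc/PID/cmdline. Older kernels show numbers, newer ones names.
argv_hidden() {
    case $1 in
        1|noaccess|2|invisible|4|ptraceable) return 0 ;;
        *) return 1 ;;
    esac
}

# Report on the running system when a mount table is available.
if [ -r /proc/self/mounts ]; then
    setting=$(proc_hidepid)
    if argv_hidden "$setting"; then
        echo "hidepid=$setting: other users cannot read your oathtool command line"
    else
        echo "hidepid=$setting: the oathtool command line is visible to all users"
        echo "mitigation (as root): mount -o remount,hidepid=2 /proc"
    fi
fi
```

root, and members of the group named by the gid= mount option if one is set, can still see every process regardless of hidepid.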