aboutsummaryrefslogtreecommitdiff
path: root/pass-otp.1
blob: 9bded0ca65f519c030dc39322e53ca47af7a20b4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
.TH PASS-OTP 1 "2017 March 19" "Password store OTP extension"

.SH NAME
pass-otp - A \fBpass\fP(1) extension for managing one-time-password (OTP) tokens.

.SH SYNOPSIS
.B pass otp
[
.I COMMAND
] [
.I OPTIONS
]... [
.I ARGS
]...

.SH DESCRIPTION

.B pass-otp
extends the
.BR pass (1)
utility with the
.B otp
command for adding OTP secrets, generating OTP codes, and displaying secret key
URIs using the standard \fIotpauth://\fP scheme.

If no COMMAND is specified, COMMAND defaults to \fBcode\fP.

.SH COMMANDS

.TP
\fBotp code\fP [ \fI--clip\fP, \fI-c\fP ] [ \fI--quiet\fP, \fI-q\fP ] \fIpass-name\fP

Generate and print an OTP code from the secret key stored in \fIpass-name\fP
using \fBoathtool\fP(1). If \fI--clip\fP or \fI-c\fP is specified, do not print
the code but instead copy it to the clipboard using \fBxclip\fP(1)
and then restore the clipboard after 45 (or \fIPASSWORD_STORE_CLIP_TIME\fP)
seconds. If \fI--quiet\fP or \fI-q\fP is specified, do not print
the git update message to standard out. This command is alternatively named
\fBshow\fP.

.TP
\fBotp insert\fP [ \fI--force\fP, \fI-f\fP ] [ \fI--echo\fP, \fI-e\fP ] \
[ [ \fI--secret\fP, \fI-s\fP ] [ \fI--issuer\fP, \fI-i\fP \fIissuer\fP ] \
[ \fI--account\fP, \fI-a\fP \fIaccount\fP ] [ \fI--path\fP, \fI-p\fP \fIpath-name\fP ] ] \
[ \fIpass-name\fP ]

Prompt for and insert a new OTP secret into the password store at
\fIpass-name\fP.

If \fI--secret\fP is specified, prompt for the \fIsecret\fP value, assuming SHA1
algorithm, 30-second period, and 6 OTP digits. One or both of \fIissuer\fP and
\fIaccount\fP must also be specified.

If \fI--secret\fP is not specified, prompt for a key URI; see the documentation at
.UR https://\:github.\:com/\:google/\:google-authenticator/\:wiki/\:Key-Uri-Format
.UE
for the key URI specification.

The secret is consumed from stdin; specify \fI--echo\fP or \fI-e\fP to echo input
when running this command interactively. If \fIpass-name\fP is not specified,
convert the \fIissuer:accountname\fP URI label to a path in the form of
\fIisser/accountname\fP. Prompt before overwriting an existing secret, unless
\fI--force\fP or \fI-f\fP is specified. This command is alternatively named
\fBadd\fP.

\fI--path\fP specifies a path prefix to the generated path from the URI label.

.TP
\fBotp append\fP [ \fI--force\fP, \fI-f\fP ] [ \fI--echo\fP, \fI-e\fP ] \
[ [ \fI--secret\fP, \fI-s\fP ] [ \fI--issuer\fP, \fI-i\fP \fIissuer\fP ] \
[ \fI--account\fP, \fI-a\fP \fIaccount\fP ] ] \fIpass-name\fP

Append an OTP secret to the password stored in \fIpass-name\fP, preserving any
existing lines.

If \fI--secret\fP is specified, prompt for the \fIsecret\fP value, assuming SHA1
algorithm, 30-second period, and 6 OTP digits. One or both of \fIissuer\fP and
\fIaccount\fP must also be specified.

If \fI--secret\fP is not specified, prompt for a key URI; see the documentation at
.UR https://\:github.\:com/\:google/\:google-authenticator/\:wiki/\:Key-Uri-Format
.UE
for the key URI specification.

The URI is consumed from stdin; specify \fI--echo\fP or \fI-e\fP to echo input
when running this command interactively. Prompt before overwriting an existing
secret, unless \fI--force\fP or \fI-f\fP is specified.

.TP
\fBotp uri\fP [ \fI--clip\fP, \fI-c\fP | \fI--qrcode\fP, \fI-q\fP ] \fIpass-name\fP

Print the key URI stored in \fIpass-name\fP to stdout. If \fI--clip\fP or
\fI-c\fP is specified, do not print the URI but instead copy it to the clipboard
using
.BR xclip (1)
and then restore the clipboard after 45 (or \fIPASSWORD_STORE_CLIP_TIME\fP)
seconds. If \fI--qrcode\fP or \fI-q\fP is specified, do not print the URI but
instead display a QR code using
.BR qrencode (1)
either to the terminal or graphically if supported.

.TP
\fBotp validate\fP \fIuri\fP

Test a URI string for validity according to the Key Uri Format. For more
information about this format, see the documentation at
.UR https://\:github.\:com/\:google/\:google-authenticator/\:wiki/\:Key-Uri-Format
.UE .

.SH OPTIONS

.TP
\fBhelp\fP, \fB\-h\fP, \fB\-\-help\fP
Show usage message.

.SH SEE ALSO
.BR pass (1),
.BR qrencode (1),
.BR zbarimg (1)

.SH AUTHORS
.B pass-otp
was written by
.MT tadfisher@gmail.com
Tad Fisher
.ME .

.SH COPYING
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.