A simple command-line utility that allows users to securely add 2FA secrets and get OTP codes for various accounts directly from the terminal.
All secret keys are encrypted using a key derived from a password, which is set when adding first entry. The password itself is securely hashed using bcrypt.
Entries are stored in the $HOME directory on Linux and the %USERPROFILE% directory on Windows in a .2fa-cli.json file.
$ 2fa -h
Description:
2FA CLI tool
Usage:
2fa [command] [options]
Options:
--version Show version information
-?, -h, --help Show help and usage information
Commands:
add <service> <secret-key> Adds a new entry
get <service> Gets the current OTP code for a specified entry
list Lists all entries
remove, rm <service> Removes an existing entry
Adding a new entry:
$ 2fa add github nbswy3dpor3w6ztb
Entry 'github' added.
Getting the current OTP code for a specified entry:
$ 2fa get github
924313
Listing all entries:
$ 2fa list
github
Removing an existing entry:
$ 2fa rm github
Entry 'github' removed.
Each time the add or get commands are used, the tool prompts for a password to encrypt or decrypt secret keys.
$ 2fa get github
Enter password:
For convenience, the password can also be provided using the _2FA_CLI_PASSWORD environment variable.
# Linux example
export _2FA_CLI_PASSWORD='s0M35tr0NgP4$$W0rD'Warning: Storing passwords in environment variables can pose a security risk as they may be accessible by other processes running on the same system. Use this method only in secure environments and avoid using it on shared or multi-user systems. Ensure that the environment variable is cleared or removed after use to minimize exposure.
{
"PasswordHash": "$2a$11$gVUQlYe2WldoCo93JxdLe.tQgN.eD1QYcbxB69skesa4QYZjEmEJK",
"Entries": [
{
"Service": "github",
"SecretKey": "DmVSS8L27lGQ7cWsrWzEzg==:2KXQIEWTbrONknsO2wWxUMXLx6MMY41sx2FAkiIJhR8=",
"Type": "totp",
"Digits": 6
}
]
}
-
Clone the repository
git clone https://github.com/jurakovic/2fa-cli.git cd 2fa-cli -
Build (publish) with
dotnetcd src dotnet publish -c Release --self-contained bin/Release/net8.0/linux-x64/publish/2fa -h # mv to desired path
| Title | GitHub | NuGet |
|---|---|---|
| System.CommandLine | dotnet/command-line-api | System.CommandLine |
| bcrypt.net | BcryptNet/bcrypt.net | BCrypt.Net-Next |
| Otp.NET | kspearrin/Otp.NET | Otp.NET |
| TextCopy | CopyText/TextCopy | TextCopy |
This tool is intended for educational and personal use only. While every effort has been made to ensure the security and integrity of stored 2FA secrets, it is not recommended for use in high-security environments or as a replacement for professional-grade security solutions. Use this tool at your own risk. The author is not responsible for any data loss, security breaches, or other issues that may arise from the use of this software.