NAME

       pass-otp - A pass(1) extension for managing one-time-password (OTP) tokens.

SYNOPSIS

       pass otp [ COMMAND ] [ OPTIONS ]... [ ARGS ]...

DESCRIPTION

       pass-otp  extends  the pass(1) utility with the otp command for adding OTP secrets, generating OTP codes,
       and displaying secret key URIs using the standard otpauth:// scheme.

       If no COMMAND is specified, COMMAND defaults to code.

COMMANDS

       otp code [ --clip, -c ] pass-name

              Generate and print an OTP code from the secret key  stored  in  pass-name  using  oathtool(1).  If
              --clip  or  -c  is  specified,  do  not  print the code but instead copy it to the clipboard using
              xclip(1) and then restore the clipboard  after  45  (or  PASSWORD_STORE_CLIP_TIME)  seconds.  This
              command is alternatively named show.

       otp insert [ --force, -f ] [ --echo, -e ] [ [ --secret, -s ] [ --issuer, -i issuer ] [ --account, -a
       account ] ] [ pass-name ]

              Prompt for and insert a new OTP secret into the password store at pass-name.

              If  --secret is specified, prompt for the secret value, assuming SHA1 algorithm, 30-second period,
              and 6 OTP digits. One or both of issuer and account must also be specified.

              If --secret is not specified, prompt for a key URI; see the documentation  at  https://github.com/
              google/google-authenticator/wiki/Key-Uri-Format for the key URI specification.

              The  secret  is  consumed from stdin; specify --echo or -e to echo input when running this command
              interactively. If pass-name is not specified, convert the issuer:accountname URI label to  a  path
              in  the form of isser/accountname. Prompt before overwriting an existing secret, unless --force or
              -f is specified. This command is alternatively named add.

       otp append [ --force, -f ] [ --echo, -e ] [ [ --secret, -s ] [ --issuer, -i issuer ] [ --account, -a
       account ] ] pass-name

              Append an OTP secret to the password stored in pass-name, preserving any existing lines.

              If --secret is specified, prompt for the secret value, assuming SHA1 algorithm, 30-second  period,
              and 6 OTP digits. One or both of issuer and account must also be specified.

              If  --secret  is not specified, prompt for a key URI; see the documentation at https://github.com/
              google/google-authenticator/wiki/Key-Uri-Format for the key URI specification.

              The URI is consumed from stdin; specify --echo or -e to  echo  input  when  running  this  command
              interactively. Prompt before overwriting an existing secret, unless --force or -f is specified.

       otp uri [ --clip, -c | --qrcode, -q ] pass-name

              Print  the  key  URI stored in pass-name to stdout. If --clip or -c is specified, do not print the
              URI but instead copy it to the clipboard using xclip(1) and then restore the  clipboard  after  45
              (or  PASSWORD_STORE_CLIP_TIME)  seconds.  If --qrcode or -q is specified, do not print the URI but
              instead display a QR code using qrencode(1) either to the terminal or graphically if supported.

       otp validate uri

              Test a URI string for validity according to the Key Uri Format. For more  information  about  this
              format,  see  the  documentation  at  https://github.com/google/google-authenticator/wiki/Key-Uri-
              Format.

OPTIONS

       help, -h, --help
              Show usage message.

EXAMPLES

       Insert new OTP seed
              $ pass otp insert totp-secret
              For    totp     the     secret     will     be     in     the     format:     otpauth://totp/totp-
              secret?secret=AAAAAAAAAAA&issuer=totp-secret

       To use your webcam to scan a QR code
              $ zbarcam -q --raw | pass otp insert totp-secret

       To use your webcam to append to an existing passfile
              $ zbarimg -q --raw google-qrcode.png | pass otp append google/example@gmail.com
              If  you have a clipboard management console tool such as `wl-clipboard` for Wayland installed, you
              can also select "Copy Image" in your favorite browser and run
              $ wl-paste | zbarimg -q --raw - | pass otp append google/example@gmail.com

       Generate a 2FA code using seed
              $ pass otp totp-secret

       Display a QR code for an OTP token:
              $ pass otp uri -q totp-secret

SEE ALSO

       pass(1), qrencode(1), zbarimg(1)

AUTHORS

       pass-otp was written by Tad Fisher.

COPYING

       This program is free software: you can redistribute it and/or modify  it  under  the  terms  of  the  GNU
       General  Public License as published by the Free Software Foundation, either version 3 of the License, or
       (at your option) any later version.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY  WARRANTY;  without  even
       the  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
       License for more details.

       You should have received a copy of the GNU General Public License along with this program.  If  not,  see
       <http://www.gnu.org/licenses/>.

Password store OTP extension                    2023 September 21                                    PASS-OTP(1)