oath-toolkit-wrapper(a.k.a. mfa)

Overview

This is a wrapper command for oath-toolkit. This command allows you to get TOTP from CLI w/o any hassle.

Usage

$ mfa -h
usage: mfa [-h | --help] [-[no]-c | --[no]-copy] [-a <account>| --account <account>] [-l | --list]
  -v, --version                      Prints the version.
  -h, --help                         Prints this message.
  -[no]-c, --[no]-copy               Copies the generated token to the Clipboard.(default)
  -a <account>, --account <account>  Copies the generated token of <account> to the Clipboard.
  -l, --list                         Prints a list of available authenticator accounts.

Demo

Dependencies

To use mfa command, first, the dependencies as follows should be installed:

• jq
• oath-toolkit
• OpenSSL
• peco

If the dependencies have not been installed, run the following:

$ brew install jq oath-toolkit openssl@1.1 peco

Installation

Clone this repository:

$ git clone https://github.com/Sean0628/oath-toolkit-wrapper.git ~/.oath-toolkit-wrapper

To use mfa command, edit the $PATH to include paths to the wrapper command.

zsh:

$ echo 'export PATH="$HOME/.oath-toolkit-wrapper/bin:$PATH"' >> ~/.zshrc
$ source ~/.zshrc

bash:

$ echo 'export PATH="$HOME/.oath-toolkit-wrapper/bin:$PATH"' >> ~/.bash_profile
$ source ~/.bash_profile

Configuration

Secret key

Follow the step by step instructions on the link below to extract your secret keys:

• Generating Authy passwords on other authenticators

Create secret file

1. Copy and paste your secret keys, and generate your own secrets.json file. cf. Sample format

2. Encrypt secrets.json with OpenSSL for security purposes. Run the following:

$ openssl enc -aes-256-cbc -a -salt -in secrets.json -out secrets.json.enc

You will be asked for the password. This password will be used when decrypting the secret file also.

3. Place encrypted secrets.json into config/ directory:

$ mv secrets.json.enc ~/.oath-toolkit-wrapper/config

4. Remove redundant secrets.json file:

$ rm secrets.json

[Optional]Password

It is possible to omit entering password each time you use mfa command by creating config/credentials.json.

Create credential file

1. Generate your own credentials.json file. cf. Sample format

This password should be the same password which is used to encrypt secrets.json file.

2. Place credentials.json into config/ directory:

$ mv credentials.json ~/.oath-toolkit-wrapper/config

3. Set permission and change the owner for security purposes:

$ chmod 400 config/credentials.json
$ sudo chown root config/credentials.json

Copyright

Copyright (c) 2020 Sho ITO. See LICENSE.md for further details.