Utility to generate TOTP tokens
The secret tokens are saved in the systems keychain (via 99designs/go-keychain).
To add a totp TOTP secret, run
totpgen set "<secret-name>" "totp-secret"
# eg
totpgen set google "SAucYHYJyfma1Fa6uFlBqzUluusgIj1slSwKRoVvhGYZsVCt"
totpgen set aws "44uHJtA8IwpKy9JjaaprSizgZ2TSImDY8iUPvm1qaDHReOTJ"
To generate the current OPT code run
totpgen google
# output:
123456
You can also create a symlink to the script and name it after totpgen-<name>
(e.g. totpgen-google
).
Invoking the tool like this will also print the TOTP token for the specified name, no arguments required.
ln -sT totpgen totp-google
totp-google
# output:
123456
There are a couple more commands:
# show the names of saved totp configuration
totpgen list
# output:
google
aws
# to remove a secret use the 'set' command with an empty secret
totpgen set google ""
Via go install
:
go install github.com/floj/totpgen
~/go/bin/totpgen --help
Manual
git clone https://github.com/floj/totpgen.git
cd totogen
./build.sh
./totpgen --help
I don't provide precompiled binaries, because past expirence showed that cross-compiled binaries for Mac do not properly work with the OSX keychain. Thus, if you want to use it on Mac, you need to compile it yourself using one of the above command.
Main motivation was to use it in aws-vault. AWS Vault supports creating TOTP tokens via pass-otp. This is very nice, but limits you to use pass
. I created a scriptmfa
prompt provider (see genericscript.go) that is able to call whatever script you want. Just point it to totpgen-aws
by setting AWS_VAULT_MFA_SCRIPT=totpgen-aws
and you are good to go.