a 'pass'-esque script for OAuth secrets and 2FA code generation, using gpg and oathtool.

2fa relies on gpg2 and oathtool. xclip or wl-clipboard is optional for copy-to-clipboard functionality.

git clone https://github.com/iofq/2fa
cd 2fa && sudo make install

to uninstall, sudo make uninstall

2fa uses your PGP key to encrypt OAuth secrets and store them locally in ~/.2fa. When generating codes, the reverse happens: the file is decrypted, piped into oathtool, and the resulting code copied to the clipboard (via xclip or wl-clipboard, if installed). Backing up ~/.2fa is highly recommended!

2fa -r email add <service> <secret_key> - Encrypts sercret key in ~/.2fa/<service>.key.gpg

2fa -r email gen <service> - Decrypts ~/.2fa/<service>.key.gpg and generates a one-time TOTP code from the secret. The TOTP code is copied to the clipboard via xclip or wl-clipboard, if installed.

2fa ls - Lists all services/secrets in ~/.2fa

-r [email protected] - 2fa uses your PGP/GPG key to encrypt files and needs to know which key to use. You can instead automate this by setting the env var $GPG_2FA to "[email protected]"