otpgen is a small CLI for generating TOTP (RFC 6238) one-time codes from a shared secret.
brew tap containeroo/tap
brew install --cask otpgen

Requirements:
- Go 1.26.0
git clone git@github.com:containeroo/otpgen.git
cd otpgen
go build -o otpgen .

otpgen expects one positional argument: a TOTP secret (typically Base32) from your identity provider.
Examples:
- GitHub 2FA secret
- Google Workspace account secret
- Any RFC 6238-compatible provider secret
Generate a code:
otpgen JBSWY3DPEHPK3PXP

Generate with a quoted secret:
otpgen "JBSWY3DPEHPK3PXP"

Show version:
otpgen version

Generate completion scripts:
otpgen completion bash
otpgen completion zsh
otpgen completion powershell

Release artifacts generate bash/zsh completion files during CI release builds. Completion files are not stored as static tracked files in this repository.
- Input validation:
  - Exactly one positional argument is required.
  - Whitespace-only secrets are rejected.
- Errors:
  - All command errors are printed to stderr.
  - Exit status is non-zero on failure.
- Output:
  - On success, only the generated OTP code is written to stdout.
- Treat TOTP secrets as credentials:
  - Do not paste secrets into shared terminals or shell history where avoidable.
  - Prefer environment-injected or ephemeral input paths in automated environments.
- Output is plain text:
  - Anyone with terminal/log access can read generated codes.
  - Avoid redirecting OTP output into persistent logs.
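
For reference, this is what an RFC 6238 generator computes from the Base32 secret. It is an added example, not otpgen's source code. HMAC-SHA1, a 30-second step, 6 digits and the normalization rules are assumptions, since this README does not state otpgen's parameters; the function name `totp` is hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base32"
	"encoding/binary"
	"errors"
	"fmt"
	"os"
	"strings"
	"time"
)

// totp returns the RFC 6238 code for time t from a Base32 secret.
// Assumed parameters (not taken from otpgen): HMAC-SHA1, 30 s step, 6 digits.
func totp(secret string, t time.Time) (string, error) {
	// Normalize: providers often show secrets lower-case, in groups, or padded.
	s := strings.ToUpper(strings.Join(strings.Fields(secret), ""))
	s = strings.TrimRight(strings.ReplaceAll(s, "-", ""), "=")
	if s == "" {
		return "", errors.New("secret is empty or whitespace-only")
	}
	key, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(s)
	if err != nil {
		return "", fmt.Errorf("secret is not valid Base32: %w", err)
	}
	// Moving factor: count of 30-second steps since the Unix epoch, big-endian.
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], uint64(t.Unix())/30)
	mac := hmac.New(sha1.New, key)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	// Dynamic truncation (RFC 4226): low nibble of the last byte is the offset.
	off := sum[len(sum)-1] & 0x0f
	bin := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", bin%1000000), nil
}

func main() {
	// Sample secret from the usage lines above; errors go to stderr, code to stdout.
	code, err := totp("JBSWY3DPEHPK3PXP", time.Now())
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println(code)
}
```

Because the code depends only on the secret and the clock, anyone who obtains the secret can produce valid codes indefinitely, which is why it has to be handled as a credential.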