zauth is a 2FA (Two-Factor Authentication) application for terminal written in Go.



  • Supports both TOTP and HOTP codes.
  • Add new entries directly from CLI.
    • support setting custom digits (default: 6)
    • support setting a custom period (TOTP) (default: 30)
    • support SHA1, SHA256 and SHA512 algorithms (TOTP)
  • Import/Export andOTP backups (encrypted files supported).
  • More upcoming features in What’s next

If you would like any other app to be supported, please create an issue and (if possible) provide an unencrypted sample backup file. Of course I am accepting pull requests as well 🙂


$ go install[email protected]

By default, zauth stores it entries in $HOME/.zauth directory.

Using Docker

zauth can be installed using docker as well. Running the following command pulls zauth image and runs zauth -h command.

$ docker run grijul/zauth:latest zauth -h

You can bind container’s /root/.zauth directory to your host’s $HOME/.zauth directory to use zauth.json from your host system. Something like this should work:

$ docker run -v $HOME/.zauth:/root/.zauth zauth:latest zauth

Important Note: There is only 1 docker image with latest tag on docker hub. Since there is no release cycle (as of now), I manually have to update the docker image whenever there are new commits. So the image is subject to be outdated and may not contain latest changes/fixes. I will try to update the image as frequently as possible.

If latest changes are desired, you can build docker image from source (it’s easier than it sounds).

Building from source

  • Clone repository and cd into dir

      $ git clone && cd zauth
  • Build using go build command

      $ go build .

Building docker image from source

  1. Clone repository and cd into dir

     $ git clone && cd zauth
  2. Build docker image

     $ docker build -t zauth:latest .
  3. Run docker image

     $ docker run zauth:latest zauth -h


Print OTP

$ zauth

If zauth.json file exists, corresponding entries will be printed. Else the above command will give a file not found error.

This will simply print zauth entries with OTP and exit. If you wish to watch zauth entries update every second, you can use watch command.

$ watch -n1 zauth

Add new entry

$ zauth entry -new

A prompt will be displayed to capture necessary details (secret, issuer, etc..).

List entries

$ zauth entry -list

Import decrypted file

<div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="$ zauth import -file -type

$ zauth import -file  -type