tofa add
Add a new account to the vault. Accepts a base32 --secret, an otpauth://
URI, or a path to a QR image.
Synopsis
tofa add [FLAGS]
Flags
| Flag | Description |
|---|---|
--name <NAME> | Account name (required when using --secret) |
--secret <BASE32> | Base32-encoded TOTP secret |
--uri <URI> | otpauth:// URI |
--qr <PATH> | Path to a QR code image |
Examples
From a base32 secret:
$ tofa add --name "GitHub:you" --secret JBSWY3DPEHPK3PXP
Passphrase: ********
✓ added GitHub:you
From an otpauth:// URI (issuer and label parsed automatically):
$ tofa add --uri "otpauth://totp/GitHub:you?secret=JBSWY3DPEHPK3PXP&issuer=GitHub"
Passphrase: ********
✓ added GitHub:you
From a QR image:
$ tofa add --qr ~/Downloads/github-qr.png
Passphrase: ********
✓ added GitHub:you (issuer=GitHub, label=you)
A migration QR (Google Authenticator export, contains many accounts) imports all of them at once:
$ tofa add --qr ~/Downloads/migration.png
Passphrase: ********
Imported 3 account(s).
If the migration QR includes accounts you've already imported, the duplicates are skipped silently and the count reflects only the new ones:
$ tofa add --qr ~/Downloads/migration.png
Passphrase: ********
Imported 1 account(s) (2 duplicate(s) skipped).
Re-adding an account that's already in the vault errors out instead of creating a duplicate row:
$ tofa add --uri "otpauth://totp/GitHub:you?secret=JBSWY3DPEHPK3PXP&issuer=GitHub"
Passphrase: ********
Error: "GitHub:you" is already in the vault.
Notes
- Exactly one of
--secret,--uri, or--qris required. --secretrequires--name;--uriand--qrderive the name themselves (override with--name).- An entry is a duplicate when its name and secret both match a
row already in the vault. Rotating the secret (same name, new secret)
or filing the same secret under a second name still goes through.
This is the same rule the TUI, desktop app, and
tofa importuse. - The vault is rewritten atomically: a temp file is written and then renamed, so the old vault is never partially overwritten.
- Exit code
0on success, non-zero on parse errors, wrong passphrase, or an attempt to re-add an exact duplicate.
See also
tofa scan— capture the screen instead of supplying a file.tofa cam— webcam capture.tofa import— bulk import from a JSON export.