tofa add
Add a new account to the vault. Accepts a base32 --secret, an otpauth://
URI, or a path to a QR image.
Synopsis
tofa add [FLAGS]
Flags
| Flag | Description |
|---|---|
--name <NAME> | Account name (required when using --secret) |
--secret <BASE32> | Base32-encoded TOTP secret |
--uri <URI> | otpauth:// URI |
--qr <PATH> | Path to a QR code image |
Examples
From a base32 secret:
$ tofa add --name "GitHub:you" --secret JBSWY3DPEHPK3PXP
Passphrase: ********
✓ added GitHub:you
From an otpauth:// URI (issuer and label parsed automatically):
$ tofa add --uri "otpauth://totp/GitHub:you?secret=JBSWY3DPEHPK3PXP&issuer=GitHub"
Passphrase: ********
✓ added GitHub:you
From a QR image:
$ tofa add --qr ~/Downloads/github-qr.png
Passphrase: ********
✓ added GitHub:you (issuer=GitHub, label=you)
A migration QR (Google Authenticator export, contains many accounts) imports all of them at once:
$ tofa add --qr ~/Downloads/migration.png
Passphrase: ********
✓ added GitHub:you
✓ added Discord:you
✓ added Slack:work
imported 3 accounts
Notes
- Exactly one of
--secret,--uri, or--qris required. --secretrequires--name;--uriand--qrderive the name themselves (override with--name).- The vault is rewritten atomically: a temp file is written and then renamed, so the old vault is never partially overwritten.
- Exit code
0on success, non-zero on parse errors, wrong passphrase, or duplicate account ids.
See also
tofa scan— capture the screen instead of supplying a file.tofa cam— webcam capture.tofa import— bulk import from a JSON export.