Home
Welcome to the 2ami wiki!
These pages aim to help you in understanding and using 2ami.
2ami is a two factor authentication password generator for the CLI that stores 2FA secrets in the Operating System secure storage, avoiding storing them in cleartext. Why is this approach better?.
OTP Secret keys are saved and retrieved from system keyring at each use, so are not being kept in process active memory if not during operation explicitly requiring them.
Security considerations: the secrets are still being loaded in memory when adding a new key and generating a new token, even if for a small amount of time. I believe this is a safe enough approach (in a normal threat model, please consider yours), and is surely better than plain secrets on file system. Happy to discuss security improvements! :)
Note: This software has not been security reviewed by a third party.
Enabled secret storage backends are:
- macOS Keychain
- Windows Credential Manager
- Secret Service (Gnome Keyring, KWallet)
More storage are available, a full list can be found here. If you are interested and able to test with the specified backend, just open a issue to have it added.
Go to the Release tab and grab your executable. Download it and add execution permissions.
You can watch for new releases through GitHub by watching the repository!
Generated token are formatted as Google Authenticator: zeros are prepended in place of missing digits.
Custom formatters may be implemented if needed.
None.