OATH Commands

Acronyms and their definitions are listed at the bottom of the Base Commands page.

ykman oath [OPTIONS] COMMAND [ARGS]…

Description:	Manage OATH application.

Examples

Generate codes for accounts starting with yubi:

$ ykman oath accounts code yubi

Add an account, with the secret key f5up4ub3dw and the name yubico, that requires touch:

$ ykman oath accounts add yubico f5up4ub3dw --touch

Set a password for the OATH application:

$ ykman oath access change-password

Options

Option	Description
`-h, --help`	Show this message and exit.

Commands

Command	Description
`access`	Manage password protection for OATH.
`accounts`	Manage and use OATH accounts.
`info`	Display general status of OATH application.
`reset`	Reset all OATH data.

ykman oath access [OPTIONS] COMMAND [ARGS]…

Description:	Manage password protection for OATH.

Options

Option	Description
`-h, --help`	Show this message and exit.

Commands

Command	Description
`change`	Change the password used to protect OATH accounts.
`forget`	Remove a stored password from this computer.
`remember`	Store the YubiKey password on this computer to avoid having to enter it on each use.

ykman oath access change [OPTIONS]

Description:	Change the password used to protect OATH accounts. Allows you to set or change a password that is required to access the OATH accounts stored on the YubiKey.

Options

Option	Description
`-h, --help`	Show this message and exit.
`-c, --clear`	Clear the current password.
`-n, --new-password TEXT`	Provide a new password as an argument.
`-p, --password TEXT`	Provide a password to unlock the YubiKey.

ykman oath access forget [OPTIONS]

Description:	Remove a stored password from this computer.

Options

Option	Description
`-h, --help`	Show this message and exit.
`-a, --all`	Remove all stored passwords.

ykman oath access remember [OPTIONS]

Description:	Store the YubiKey password on this computer to avoid having to enter it on each use.

Options

Option	Description
`-h, --help`	Show this message and exit.
`-p, --password TEXT`	Provide a password to unlock the YubiKey.

ykman oath accounts [OPTIONS] COMMAND [ARGS]…

Description:	Manage and use OATH accounts.

Options

Option	Description
`-h, --help`	Show this message and exit.

Commands

Command	Description
`add`	Add a new account.
`code`	Generate codes.
`delete`	Delete an account.
`list`	List all accounts.
`rename`	Rename an account (Requires YubiKey 5.3 or later).
`uri`	Add a new account from an `otpauth://` URI.

ykman oath accounts add [OPTIONS] NAME [SECRET]

Description:	Add a new account. This adds a new OATH account to the YubiKey.

Arguments

Argument	Description
`NAME`	Provide a name for this account.
`SECRET`	Optional.

Options

Option	Description
`-h, --help`	Show this message and exit.
`-a, --algorithm` `[SHA1\|SHA256\|SHA512]`	Algorithm to use for code generation.[default: SHA1]
`-c, --counter INTEGER`	Initial counter value for HOTP accounts.
`-d, --digits [6\|7\|8]`	Number of digits in generated code. [default: 6]
`-f, --force`	Confirm the action without prompting.
`-i, --issuer TEXT`	Issuer of the account.
`o, --oath-type [[HOTP\|TOTP]`	Time-based (TOTP) or counter-based (HOTP) account. [default: 32]
`-p, --password TEXT`	Provide a password to unlock the YubiKey.
`-p, --period INTEGER`	Number of seconds a TOTP code is valid. [default: 30]
`-r, --remember`	Remember the password on this machine.
`-t, --touch`	Require touch on YubiKey to generate code.

ykman oath accounts code [OPTIONS] [QUERY]

Description:	Generate codes. Generate codes from OATH accounts stored on the YubiKey. Accounts of type HOTP or those that require touch, also require a single match to be triggered.

Arguments

Argument	Description
`QUERY`	Provide a query string to match one or more specific accounts.

Options

Option	Description
`-h, --help`	Show this message and exit.
`-H, --show-hidden`	Include hidden accounts.
`-p, --password TEXT`	Provide a password to unlock the YubiKey.
`-r, --remember`	Remember the password on this machine.
`-s, --single`	Ensure only a single match, and output only the code.

ykman oath accounts delete [OPTIONS] QUERY

Description:	Delete an account. Delete an account from the YubiKey. Provide a query string to match the account to delete.

Arguments

Argument	Description
`QUERY`	Provide a query string to match one or more specific accounts.

Options

Option	Description
`-h, --help`	Show this message and exit.
`-f, --force`	Confirm deletion without prompting
`-p, --password TEXT`	Provide a password to unlock the YubiKey.
`-r, --remember`	Remember the password on this machine.

ykman oath accounts list [OPTIONS]

Description:	List all accounts. List all accounts stored on the YubiKey.

Options

Option	Description
`-h, --help`	Show this message and exit.
`-H, --show-hidden`	Include hidden accounts.
`-o, --oath-type`	Display the OATH type.
`-p, --password TEXT`	Provide a password to unlock the YubiKey.
`-p, --period`	Display the period.
`-r, --remember`	Remember the password on this machine.

ykman oath accounts rename [OPTIONS] QUERY NAME

Description:	Rename an account (Requires YubiKey 5.3 or later).

Arguments

Argument	Description
`QUERY`	A query to match a single account (as shown in `list`).
`NAME`	The name of the account (use `<issuer>:<name>` to specify the issuer).

Options

Option	Description
`-h, --help`	Show this message and exit.
`-f, --force`	Confirm rename without prompting.
`-p, --password TEXT`	Provide a password to unlock the YubiKey.
`-r, --remember`	Remember the password on this machine.

ykman oath accounts uri [OPTIONS] URI

Description:	Add a new account from an `otpauth://` URI. Use a URI to add a new account to the YubiKey.

Arguments

Argument	Description
`URI`	Specify URI path for account.

Options

Option	Description
`-h, --help`	Show this message and exit.
`-f, --force`	Confirm the action without prompting.
`-p, --password TEXT`	Provide a password to unlock the YubiKey.
`-r, --remember`	Remember the password on this machine.
`-t, --touch`	Require touch on YubiKey to generate code.

ykman oath info [OPTIONS]

Description:	Display status of OATH application.

Options

Option	Description
`-h, --help`	Show this message and exit.

ykman oath reset [OPTIONS]

Description:	Reset all OATH data. This action deletes all accounts and restores factory settings for the OATH application on the YubiKey.

Options

Option	Description
`-h, --help`	Show this message and exit.
`-f, --force`	Confirm the action without prompting.

To get in touch with Yubico Support, go to https://support.yubico.com/hc/en-us/requests/new.

To get in touch with Yubico Support, click here.