How do I install cloak using Cargo?

After installing Rust, run 'cargo install cloak' in the terminal, then add the Cargo bin directory to your PATH, as detailed in the Installation section of the README.

Can cloak scan QR codes for adding accounts?

No, cloak does not support QR code scanning; you must manually enter the base32-encoded secret key using the 'cloak add' command, which is a trade-off for local storage security.

How do I change where cloak stores my accounts?

Set the CLOAK_ACCOUNTS_DIR environment variable to an absolute path, as explained in the Customization section, to redirect the storage directory from the default .cloak/ folder.

Is cloak more secure than mobile apps like Google Authenticator?

Cloak emphasizes local storage to avoid cloud risks, but it lacks features like biometric locks; security depends on how you manage the local files compared to app-based encryption.

How do I delete an account in cloak?

Use the 'cloak delete ' command, which permanently removes the account from local storage, as shown in the Usage examples, with no recovery unless backed up.

Cloak vs other CLI tools like oathtool: which should I use?

Cloak offers integrated account management with local storage, while oathtool is more minimal and script-focused; choose Cloak for persistent accounts or oathtool for one-off code generation.

cloak

MITRustv0.3.0

A command-line OTP authenticator written in Rust that generates time-based and counter-based one-time passwords.

GitHub

308 stars17 forks0 contributors

What is cloak?

Cloak is a command-line OTP (One Time Password) authenticator application written in Rust that generates time-based (TOTP) and counter-based (HOTP) codes for two-factor authentication. It provides a secure, terminal-based alternative to mobile authenticator apps, storing accounts locally to avoid cloud-based QR code scanning risks. The tool makes it easier to copy codes directly from the terminal to login forms during authentication.

Target Audience

Developers and command-line users who need a secure, local, and scriptable method for generating two-factor authentication codes, particularly those working on Linux, macOS, or Windows systems who prefer terminal workflows over mobile apps.

Value Proposition

Developers choose Cloak for its emphasis on security through local storage, avoiding the risks associated with scanning QR codes to cloud-based services. Its unique selling point is being a reliable, open-source, cross-platform CLI tool built in Rust, offering transparent account management and easier code copying directly from the terminal.

Overview

A Command Line OTP Authenticator application.

Use Cases

Best For

Generating TOTP and HOTP codes securely from the command line without relying on mobile apps.

Related Projects

Community-curated · Updated weekly · 100% open source

Found a gem we're missing?

Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.

Submit a project Star on GitHub

Managing two-factor authentication accounts locally to avoid cloud-based QR code scanning vulnerabilities.

Integrating OTP code generation into automated scripts or workflows via a terminal interface.

Users who prefer a lightweight, open-source alternative to proprietary authenticator applications.

Cross-platform development environments requiring consistent OTP access on Linux, macOS, and Windows.

Learning Rust through a practical, security-focused application project.

Not Ideal For

Users who need OTP codes synchronized across multiple devices or platforms.
Environments where quick setup via QR code scanning is preferred over manual key entry.
Teams requiring centralized management or backup of shared two-factor authentication accounts.

Pros & Cons

Pros

Local Key Storage

Stores accounts and recovery codes locally in a configurable directory, avoiding cloud-based QR code scanning risks as emphasized in the motivation section of the README.

Terminal Workflow Integration

Generates OTP codes directly in the terminal, making it easy to copy and paste into login forms, which is a core use case highlighted in the description.

Cross-Platform Consistency

Works on Linux, macOS, and Windows with a uniform command-line interface, ensuring reliable OTP access across different operating systems.

Open-Source Transparency

Built in Rust as an open-source project, allowing for code inspection and contributing to security and trust, as mentioned in the philosophy.

Cons

No QR Code Scanning

Requires manual entry of base32-encoded keys, which can be cumbersome compared to authenticator apps that support QR code scanning, a limitation inferred from the focus on avoiding QR risks.

Lack of Synchronization

Accounts are stored locally per machine with no built-in sync, making it inconvenient for users who need access from multiple devices without manual configuration.

Manual Backup Management

Users must manually handle backups of the account directory, as local storage means data loss risk if not properly maintained, despite configurable paths via environment variables.

Open Source Alternative To

cloak is an open-source alternative to the following products:

Google Authenticator

A mobile app that generates two-factor authentication (2FA) codes for signing into Google accounts and other services that support time-based one-time passwords.

Microsoft Authenticator

Microsoft Authenticator is a mobile app that provides two-factor authentication for Microsoft accounts and other services using time-based one-time passwords or push notifications.

Authy

Authy is a two-factor authentication (2FA) application that provides secure login verification via time-based one-time passwords (TOTP) and push notifications. It is owned by Twilio.

Frequently Asked Questions

Home

Rust

RustDesk

An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.

Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs

Stars60,422

Forks2,806

Last commit22 hours ago

Warp

Warp is an agentic development environment, born out of the terminal.

Stars58,746

Forks4,550

Last commit17 hours ago

RuView

π RuView turns commodity WiFi signals into real-time spatial intelligence, vital sign monitoring, and presence detection — all without a single pixel of video.

Stars58,435

Forks7,633

Last commit19 hours ago

#totp

#otp

#two-factor-authentication