Scroll to navigation

ENCRYPTTOTPSECRETS(1p) User Contributed Perl Documentation ENCRYPTTOTPSECRETS(1p)


encryptTotpSecret - A tool to encrypt existing TOTP secrets


  encryptTotpSecret [options]


This script is a migration tool that you can use after enabling TOTP secret encryption in the Manager. It will make sure that existing secrets are encrypted, and not just newly registered secrets.


Print a brief help message and exit.
Prevent the script from saving modifications to the session database
By default, secrets that are already in encrypted form are skipped by the script. Use this option to force already encrypted secrets to be decrypted, then re-encrypted using a different key (or decrypted)
The key used to decrypt secrets in --update mode.

By default, the totp2fKey or key LemonLDAP::NG configuration parameters are used.

The key used to encrypt secrets. Use -u -k DECRYPT to decrypt secrets instead.

By default, the totp2fKey or key LemonLDAP::NG configuration parameters are used.

Encrypt existing TOTP secrets even if encryption is disabled in the configuration
Increase the level of details provided by the script





Use OW2 system to report bug or ask for features: <>


Lemonldap::NG is available at <>


This library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see <>.

2022-02-23 perl v5.34.0