Skip to main content

CLI Reference

Provider List

rosec provider list

Shows all configured providers with their status:

ID              NAME             KIND           CAPS     STATE     LAST SYNC
─────────────────────────────────────────────────────────────────────────────
local           My Vault         local          WsKP     unlocked  never
bitwarden       Bitwarden        bitwarden-pm   SsCN     unlocked  2m ago
gnome-keyring   GNOME Keyring    gnome-keyring           unlocked

The CAPS column packs each provider's capabilities into a single token (WsKP, SsCN, etc). Decoding rules and a per-provider matrix live in the provider capabilities reference. The same column is shown by rosec status.

rosec search [key=value ...] [-s|--sync] [--format=table|kv|json|human]

Search for items across all providers. Attribute filters are key=value pairs; glob patterns (*, ?, [) in values trigger glob matching.

The -s / --sync flag syncs all providers that support Sync before searching. Providers without the Sync capability are skipped silently.

To find all items that have a TOTP seed:

rosec search rosec:totp=true

Items with a TOTP seed have the public attribute rosec:totp=true stamped automatically by the daemon. This attribute can be used as a search filter by any client that calls SearchItems({"rosec:totp": "true"}).

Sync

rosec sync

Triggers a sync on all providers that declare the Sync capability. Providers without it (e.g. local, gnome-keyring) are skipped.

TOTP

rosec totp [get|add] reads and stores time-based one-time passwords. Codes are also exposed via the FUSE mount at $XDG_RUNTIME_DIR/rosec/totp/ and the GetTotpCode D-Bus method. Full reference: TOTP.