LinuxCommandLibrary

lpass

Manage passwords stored in LastPass

TLDR

Log in to your LastPass account, by entering your master password when prompted

$ lpass login [username]

Show login status
$ lpass status

List all sites grouped by category
$ lpass ls

Generate a new password for gmail.com with the identifier myinbox and add to LastPass
$ lpass generate --username [username] --url [gmail.com] [myinbox] [password_length]

Show password for a specified entry
$ lpass show [myinbox] --password

SYNOPSIS

lpass [GLOBAL-OPTIONS] COMMAND [COMMAND-OPTIONS] [ARGUMENTS]

Common Commands:
  lpass login [--trust --plaintext-key] USERNAME
  lpass logout
  lpass status
  lpass ls [-l --sync=now] [GROUP/NAME]
  lpass show [--clip --password --username --url --notes --field=FIELD] ID|NAME
  lpass generate [--no-symbols --username=USERNAME --url=URL] ID|NAME LENGTH
  lpass add [--generate --notes --non-interactive] ID|NAME
  lpass sync

PARAMETERS

-h, --help
    Displays help information for the lpass client or a specific command.

-v, --version
    Shows the lpass client version.

--sync=auto|now|no
    Controls vault synchronization behavior. Modes: auto (default), now (forces sync), no (prevents sync).

--quiet
    Suppresses non-essential output, useful for scripting and automation.

--color
    Forces color output even when stdout is not connected to a TTY.

--no-color
    Disables color output.

--disable-key-repeat
    Attempts to disable key repeat during sensitive input prompts, enhancing security.

DESCRIPTION

lpass is the official command-line client for LastPass, a widely used online password manager. It empowers users to securely interact with their LastPass vault directly from the terminal, offering a robust alternative to the graphical interface. This tool is invaluable for system administrators, developers, and users who prefer a text-based workflow or require automation capabilities.

Key functionalities include logging in and out, listing all stored sites and secure notes, retrieving specific credentials, generating strong, unique passwords, adding new entries, and modifying existing ones. lpass handles sensitive data by encrypting and decrypting the vault locally on the user's machine, ensuring that the master password and vault contents are never exposed in plaintext outside of the user's control. It supports features like multifactor authentication and integration with LastPass Enterprise accounts, making it a versatile tool for both individual and organizational use.

CAVEATS

  • Online Dependency: While lpass utilizes a local encrypted cache, initial setup and subsequent synchronization require an active internet connection to communicate with the LastPass service.
  • Master Password Handling: For security, avoid storing your LastPass master password in environment variables or scripts in plaintext. lpass is designed to prompt for it interactively when needed.
  • Local Cache Security: lpass stores an encrypted copy of your vault in ~/.lpass. Ensure proper file permissions and protect this directory, as it contains your sensitive data.
  • Terminal History: Commands like lpass show might output sensitive information to the terminal. Be mindful of shell history and logs, and clear them if necessary to prevent exposure.

AUTHENTICATION AND SESSION MANAGEMENT

After installation, the first step is typically to run lpass login to authenticate with your LastPass account. This command will prompt for your email and master password. Upon successful login, lpass establishes a session and optionally caches your vault locally. You can check your login status with lpass status and terminate your session with lpass logout.

LOCAL ENCRYPTED CACHE

lpass maintains a local, encrypted cache of your LastPass vault, typically located at ~/.lpass. This cache allows for faster retrieval of credentials and enables some operations even when offline. The cache is encrypted using a key derived from your LastPass master password, meaning sensitive data is only decrypted in memory when lpass is actively used and authenticated.
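
The permission check recommended in CAVEATS can be scripted. The following is an added example, not part of lpass or of the original page; the function names are hypothetical and the default path is the ~/.lpass location named above.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on the lpass data directory.
# audit_lpass_dir / harden_lpass_dir are hypothetical helper names.

# audit_lpass_dir [DIR]
#   returns 0 if nothing under DIR is accessible to group or other,
#           1 if at least one path is (the paths are listed on stderr),
#           2 if DIR does not exist.
audit_lpass_dir() {
    lp_dir=${1:-"$HOME/.lpass"}
    if [ ! -d "$lp_dir" ]; then
        echo "audit: $lp_dir is not a directory" >&2
        return 2
    fi
    # POSIX find has no "any of these bits" test, so each group/other
    # bit is checked separately. Symlinks are skipped: their own mode
    # bits are meaningless on Linux.
    lp_loose=$(find "$lp_dir" ! -type l \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$lp_loose" ]; then
        printf 'group/other access on:\n%s\n' "$lp_loose" >&2
        return 1
    fi
    return 0
}

# harden_lpass_dir [DIR]
#   removes every group/other permission bit below DIR.
harden_lpass_dir() {
    lp_dir=${1:-"$HOME/.lpass"}
    chmod -R go-rwx "$lp_dir"
}
```

Run `audit_lpass_dir` from a login check or a cron job and call `harden_lpass_dir` only after reviewing what it reported.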

SCRIPTING AND AUTOMATION

One of the primary benefits of lpass is its suitability for scripting. Commands like lpass show --password can be piped into other tools, allowing for automated credential retrieval in scripts or integration with configuration management systems. When scripting, it's recommended to use the --non-interactive flag where applicable and carefully consider security implications of passing sensitive data.
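
A sketch of scripted retrieval that keeps the secret out of command-line arguments and never prompts from an unattended job. This is an added example, not code from the lpass project; `fetch_password` and `with_secret` are hypothetical helper names, and the script assumes a session was already opened interactively with lpass login.

```shell
#!/bin/sh
# Added example: hand a LastPass secret to another program on stdin.

# fetch_password ENTRY
#   prints the password for ENTRY on stdout.
#   returns 3 if there is no active session, 4 if the lookup fails,
#           5 if the entry has an empty password.
fetch_password() {
    fp_entry=$1
    # "lpass status" exits non-zero when logged out; --quiet keeps the
    # status text out of job logs. Fail instead of prompting.
    if ! lpass status --quiet; then
        echo "lpass: no active session, run 'lpass login' first" >&2
        return 3
    fi
    fp_pw=$(lpass show --password "$fp_entry") || {
        echo "lpass: lookup failed for $fp_entry" >&2
        return 4
    }
    [ -n "$fp_pw" ] || return 5
    printf '%s' "$fp_pw"
}

# with_secret ENTRY CMD [ARGS...]
#   runs CMD with the password on its standard input. The secret is
#   never placed in CMD's argument list (visible in ps output) and is
#   never exported into the environment.
with_secret() {
    ws_entry=$1
    shift
    ws_secret=$(fetch_password "$ws_entry") || return $?
    printf '%s\n' "$ws_secret" | "$@"
    ws_rc=$?
    unset ws_secret
    return $ws_rc
}
```

The consumer must be a program that reads its password from standard input; avoid running such scripts with shell tracing (`set -x`) enabled, since the trace would echo the secret.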

HISTORY

The lpass client originated as an independent, unofficial command-line interface for LastPass, initially developed by Kyle Spearin. Its creation filled a significant gap for Linux users and CLI enthusiasts who desired direct terminal access to their LastPass vaults without relying on browser extensions or unofficial scripts. Recognizing its utility and growing popularity, LastPass officially adopted and began maintaining the lpass project under the LastPass GitHub organization. This transition solidified lpass's role as the go-to command-line solution, ensuring its continued development, security, and compatibility with the LastPass service. It remains an open-source project, actively maintained and improved by LastPass employees and community contributors.

SEE ALSO

pass(1), keepassxc-cli(1), gpg(1)
