Authentication (Login)
To start with launch a first manual sync:
dcli sync
Authenticating to your personal vault requires your email. You will be then asked to validate a second factor to register the CLI to your account.
Supported primary authentication methods
- Master Password
- SSO (self-hosted)
- Confidential SSO (using Nitro Enclaves)
Requirements for SSO authentication
You must have:
- the latest Chrome browser installed on your machine
- a visual interface to be able to authenticate in the browser
- a machine that has a keychain (macOS, Windows, Linux with libsecret installed for instance)
The CLI will open a new incognito tab to authenticate you to your SSO provider.
Supported 2FA methods
- Email code validation (default)
- TOTP code validation (via an authenticator app)
- DUO push notification
By completing the device registration process, you’ll be now asked to enter your Master Password.
Lock the CLI
You can lock the CLI at any time by running:
dcli lock
This will require you to enter your Master Password again to unlock the CLI.
Options
Save Master Password
By default your Master Password will be saved locally in the OS keychain so you don’t have to enter it every time. You can disable this behavior with the following command:
dcli configure save-master-password false
Unlock with Biometrics
You can unlock the CLI with your biometrics (Touch ID, Face ID) if your machine supports it (only macOS for now).
dcli configure user-presence --method biometrics
And to disable it:
dcli configure user-presence --method none