# Install cotp with Homebrew, apk, apt, Nix, pacman

TOTP/HOTP authenticator app with import functionality. Version 1.9.10 via Homebrew; verified 2026-05-03.

## Install

```sh
sudo av install brew:cotp
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install cotp
```

  Evidence: local Homebrew formula metadata

### Linux

- apk (92%):

```sh
sudo apk add cotp
```

  Evidence: Alpine Linux edge package indexes: cotp from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz

- Debian apt (92%):

```sh
sudo apt install cotp
```

  Evidence: Debian stable package indexes: cotp from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- Nix (92%):

```sh
nix profile install nixpkgs#cotp
```

  Evidence: nixpkgs package indexes: pkgs/by-name/co/cotp/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S cotp
```

  Evidence: Arch Linux sync databases: cotp from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

## Package facts

- **Package key:** brew:cotp
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/cotp>
- **Version:** 1.9.10
- **Source summary:** TOTP/HOTP authenticator app with import functionality
- **Homepage:** <https://github.com/replydev/cotp>
- **Repository:** <https://github.com/replydev/cotp>
- **Upstream docs:** <https://github.com/replydev/cotp#readme>
- **License:** GPL-3.0-only
- **Source archive:** <https://github.com/replydev/cotp/archive/refs/tags/v1.9.10.tar.gz>
- **Last updated:** 2026-05-03T12:28:26Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- cotp (cli)
- cotp (alias)

## Build dependencies

- rust

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.9.10
- Package-manager updated: 2026-05-03
- Local data: ok
- Upstream repository: https://github.com/replydev/cotp
- Upstream latest detected: v1.9.10 (current)
## Project history and usage

cotp is a command-line TOTP/HOTP authenticator aimed at users who want two-factor codes in a terminal-accessible, encrypted local database. Its niche is the intersection of password-manager-like local storage and Unix-style CLI workflows.

### Project history

The replydev/cotp repository was created in December 2020 and published its first GitHub release later that month. The README says the author created cotp to have minimalist, secure, desktop-accessible software for managing two-factor authentication codes.

### Adoption history

The project has remained a smaller security utility rather than a large platform. Its README notes distribution in Linux distro repositories and gives Homebrew, Cargo, and manual source installation paths, which is typical for Rust command-line tools that serve both desktop and shell users.

### How it is used

cotp initializes an encrypted database on first run, displays OTP codes in an interactive dashboard, can add TOTP and HOTP entries, lists records as JSON, imports encrypted Aegis backups, exports its database, and can copy selected codes to the clipboard.

### Why package nerds care

For package nerds, cotp is notable because it packages sensitive local credential material without depending on a cloud account. The distribution concern is less about daemons or services and more about preserving a stable CLI, encryption format, clipboard integration, and migration/import behavior.

### Timeline

- 2020: replydev/cotp repository created and first release published.
- 2020: README documented encrypted database storage and import/migration from other authenticator apps.
- 2026: Project continued publishing releases.

### Related projects

- Aegis, andOTP, Authy migration tooling, RFC 6238 TOTP, RFC 4226 HOTP.

### Sources

- <https://github.com/replydev/cotp>
- <https://api.github.com/repos/replydev/cotp>
- <https://api.github.com/repos/replydev/cotp/releases?per_page=100>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Credential files

- Unix: ~/.cotp/db.cotp
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** cotp
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Debian apt - cotp - 1.9.2-1+b3: normalized package name match | Debian stable package indexes: cotp from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Trustworthy, encrypted, command-line TOTP/HOTP authenticator app with import functionality. | https://github.com/replydev/cotp
- Nix - cotp: normalized package name match | nixpkgs package indexes: pkgs/by-name/co/cotp/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- apk - cotp - 1.9.7-r0: normalized package name match | Alpine Linux edge package indexes: cotp from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | Trustworthy, encrypted, command-line TOTP/HOTP authenticator app with import functionality | https://github.com/replydev/cotp
- pacman - cotp - 1.9.10-1: normalized package name match | Arch Linux sync databases: cotp from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Trustworthy, encrypted, command-line TOTP/HOTP authenticator app with import functionality | https://github.com/replydev/cotp


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [rust](https://www.automicvault.com/pkg/brew/rust/) - Build dependency declared by Homebrew.
- [gauth](https://www.automicvault.com/pkg/brew/gauth/) - Shares av.db curated category or tags: authentication, cli, security, totp, two-factor-authentication.
- [google-authenticator-libpam](https://www.automicvault.com/pkg/brew/google-authenticator-libpam/) - Shares av.db curated category or tags: authentication, cli, security, totp, two-factor-authentication.
- [oath-toolkit](https://www.automicvault.com/pkg/brew/oath-toolkit/) - Shares av.db curated category or tags: authentication, cli, hotp, security, totp.
- [rsc_2fa](https://www.automicvault.com/pkg/brew/rsc-2fa/) - Shares av.db curated category or tags: authentication, cli, security, totp, two-factor-authentication.
- [duo_unix](https://www.automicvault.com/pkg/brew/duo-unix/) - Shares av.db curated category or tags: authentication, cli, security, two-factor-authentication.
- [steamguard-cli](https://www.automicvault.com/pkg/brew/steamguard-cli/) - Shares av.db curated category or tags: authentication, cli, security, totp.
- [totp-cli](https://www.automicvault.com/pkg/brew/totp-cli/) - Shares av.db curated category or tags: authentication, cli, security, totp.
- [cyrus-sasl](https://www.automicvault.com/pkg/brew/cyrus-sasl/) - Shares av.db curated category or tags: authentication, cli, security.

## Combined YAML source

View the package source record on GitHub. [combined/cotp.yml](https://github.com/automic-vault/db/blob/main/combined/cotp.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
