HELP FILE

Use the LastPass Command Line Application

The LastPass command line application is an open source project that allows you to create, edit, and retrieve passwords in your online LastPass Vault via the terminal on Mac, Linux, and Windows using Cygwin. You can also generate passwords for every server you use, and securely store those passwords directly in LastPass, as well as use subcommands. Additionally, LastPass Enterprise users can automate sharing using shared folders.

Please note that due to this application being open source and reliant on the Github community for building out features and enforcement of policies (and additionally being approved by LastPass), there are known limitations.

The command line application is hosted on Github at https://github.com/LastPass/lastpass-cli. Additionally, you can report issues at https://github.com/LastPass/lastpass-cli/issues. For more detailed information about using the command line application, please see the command line application manual.

Create, edit, and retrieve passwords via the command line

Users who prefer the command line can access their data directly with “lpass ls” then using “lpass show -c –password Sitename” to put the Sitename password on the copy buffer. You can utilize “lpass show” to store passwords used in scripts, rather than putting passwords in the scripts themselves. LastPass can also be used as you work within the command line to help you log in to servers. We’ve included some example scripts in the contrib directory of the archive.

LastPass users can also use the command line to log in to other machines as they work. There are examples such as contrib/examples/change-ssh-password.sh which show automated password changing on a server. You can run it automatically on a nightly basis, regularly changing the password on the server as a security measure.

Automate sharing

Use the “lpass share” commands to manage shared folders as follows:

  • Create a new shared folder using “lpass share create”
  • Query existing users with “lpass share userls”
  • Add new users with “lpass share useradd”.

The standard “lpass generate” command works with shared folders, so you can easily create sites and share with multiple users using lpass. For more information, please see the manual for more shared folder commands.

lpass subcommands

lpass, like git, is comprised of several subcommands:

  • lpass login [--trust] [--plaintext-key [--force, -f]] USERNAME
  • lpass logout [--force, -f]
  • lpass show [--sync=auto|now|no] [--clip, -c] [--all|--username|--password|--url|--notes|--field=FIELD|--id|--name] {UNIQUENAME|UNIQUEID}
  • lpass ls [--sync=auto|now|no] [GROUP]
  • lpass edit [--sync=auto|now|no] [--non-interactive] {--name|--username|--password|--url|--notes|--field=FIELD} {NAME|UNIQUEID}
  • lpass generate [--sync=auto|now|no] [--clip, -c] [--username=USERNAME] [--url=URL] [--no-symbols] {NAME|UNIQUEID} LENGTH
  • lpass duplicate [--sync=auto|now|no] {UNIQUENAME|UNIQUEID}
  • lpass rm [--sync=auto|now|no] {UNIQUENAME|UNIQUEID}
  • lpass sync [--background, -b]

You can view the full documentation in the manpage, ‘man lpass‘ or view the online manual.

Known limitations

Since the main purpose of the CLI tool is to work with LastPass Vault entries in a programmatic way, the following Enterprise policies that require client-side enforcement are not currently supported when using this tool:

  • Remember Master Password
  • Account Logoff on Browser Close
  • Account Logoff on Browser Idle
  • Account Logoff on Computer Lock
  • Account Logoff on Screensaver
  • Account Logoff on Shutdown/Logoff
  • Prohibit Export
  • Prohibit Import
  • Site Password Length
  • Disable Identities
  • Setting Default Account for New Sites
  • Prohibit Bookmarklets
  • Prohibit Master Password Revert
  • Prohibit Master Password Hint
  • Prohibit Account Recovery
  • Prevent Multifactor Disable via Email
  • Require Password Reprompt on Copy/View
  • Log Name(both client and server)
  • Prohibit Shared Folders Outside Enterprise (both client and server)
  • Disable Secure Notes (both client and server)
  • Prohibit Sharing (both client and server)
  • Prohibit Sharing Except for Shared Folders (both client and server)
  • Save Personal Sites to Personal Vault (both client and server)
  • Disable Fingerprint Reader Authentication (both client and server)
  • Disable Autofill (both client and server)