Keystone is a simple Slack application for generating TOTP codes for a shared account.
Just type /keystone
in the configured channel to be granted a new two-factor code:
Keystone runs as a self-hosted Slack Bolt application.
The bot is configured via environment variables. You can use .env.example
as a template.
- Create a new Slack application and install it into your workspace.
- Get the bot token from the "OAuth & Permissions" page & store it as
SLACK_BOT_TOKEN
. - Get the signing secret from the "App Credentials" page & store it as
SLACK_SIGNING_SECRET
. - Store your TOTP secret in the
TOTP_SECRET
environment variable. It looks likeotpauth://totp/...
and can be read via 1Password (and perhaps other tools). This is how we'll generate two-factor codes for this website. - Create a
/keystone
command on the "Slash Commands" tab. The Request URL should point to your app, with a/slack/events
path. For example, if you're hosting your Keystone bot athttps://keystone-bot.herokuapp.com/
, you'd enterhttps://keystone-bot.herokuapp.com/slack/events
here. - Optionally, set
KEYSTONE_CHANNEL
to limit Keystone usage to a specific channel.
At some point, I'd like to add support for multiple TOTP generators & easier secret configuration.
© David Furnes. Keystone is released under the MIT License.