product icon
Use the LastPass Command Line Application

Use the LastPass Command Line Application

    The LastPass command line application is an open source project that allows you to create, edit, and retrieve passwords in your online LastPass vault via the terminal on Mac, Linux, and Windows using Cygwin. You can also generate passwords for every server you use, and securely store those passwords directly in LastPass, as well as use subcommands. Additionally, LastPass Business users can automate sharing using shared folders.

    Attention: To continue using the sharing functionality in LastPass via the command line application (CLI) tool, you must upgrade to the latest version (v1.3.4 and newer). If you are using an older version (v1.3.3 and earlier), the sharing functionality will no longer be supported or available.
    Troubleshooting: To increase the security of your master password, LastPass utilizes a stronger-than-typical version of Password-Based Key Derivation Function (PBKDF2) at a minimum of 600,000 rounds (for new accounts and those who update their existing iteration count). If you encounter an "Unknown Error" when using the LastPass Command Line Interface, you must update your password iterations value to be exactly 600,000 rounds. Learn how to update this value at How do I change my password iterations for LastPass?

    Please note that due to this application being open source and reliant on the Github community for building out features and enforcement of policies (and additionally being approved by LastPass), there are known limitations (see below).

    The command line application is hosted on Github at https://github.com/LastPass/lastpass-cli. Additionally, you can report issues at https://github.com/LastPass/lastpass-cli/issues. For more detailed information about using the command line application, please see the command line application manual.

    Create, edit, and retrieve passwords via the command line

    Users who prefer the command line can access their data directly with “lpass ls” then using “lpass show -c –password Sitename” to put the Sitename password on the copy buffer. You can utilize “lpass show” to store passwords used in scripts, rather than putting passwords in the scripts themselves. LastPass can also be used as you work within the command line to help you log in to servers. We’ve included some example scripts in the contrib directory of the archive.

    LastPass users can also use the command line to log in to other machines as they work. There are examples such as contrib/examples/change-ssh-password.sh which show automated password changing on a server. You can run it automatically on a nightly basis, regularly changing the password on the server as a security measure.

    Automate sharing

    Use the “lpass share” commands to manage shared folders as follows:

    • Create a new shared folder using “lpass share create”
    • Query existing users with “lpass share userls”
    • Add new users with “lpass share useradd”.

    The standard “lpass generate” command works with shared folders, so you can easily create sites and share with multiple users using lpass. For more information, please see the manual for more shared folder commands.

    lpass subcommands

    lpass, like git, is comprised of several subcommands:

    • lpass login [--trust] [--plaintext-key [--force, -f]] USERNAME
    • lpass logout [--force, -f]
    • lpass show [--sync=auto|now|no] [--clip, -c] [--all|--username|--password|--url|--notes|--field=FIELD|--id|--name] {UNIQUENAME|UNIQUEID}
    • lpass ls [--sync=auto|now|no] [GROUP]
    • lpass edit [--sync=auto|now|no] [--non-interactive] {--name|--username|--password|--url|--notes|--field=FIELD} {NAME|UNIQUEID}
    • lpass generate [--sync=auto|now|no] [--clip, -c] [--username=USERNAME] [--url=URL] [--no-symbols] {NAME|UNIQUEID} LENGTH
    • lpass duplicate [--sync=auto|now|no] {UNIQUENAME|UNIQUEID}
    • lpass rm [--sync=auto|now|no] {UNIQUENAME|UNIQUEID}
    • lpass sync [--background, -b]

    You can view the full documentation in the manpage, ‘man lpass‘ or view the online manual.

    Known limitations

    Since the main purpose of the CLI tool is to work with LastPass vault entries in a programmatic way, the following LastPass Business policies that require client-side enforcement are not currently supported when using this tool:

    • Remember master password
    • Account Logoff on Browser Close
    • Account Logoff on Browser Idle
    • Account Logoff on Computer Lock
    • Account Logoff on Screensaver
    • Account Logoff on Shutdown/Logoff
    • Prohibit Export
    • Prohibit Import
    • Site Password Length
    • Disable Identities
    • Setting Default Account for New Sites
    • Prohibit Bookmarklets
    • Prohibit master password Revert
    • Prohibit master password Hint
    • Prohibit Account Recovery
    • Prevent Multifactor Disable via Email
    • Require Master Password Reprompt on Copy/View
    • Log Name(both client and server)
    • Prohibit Shared Folders Outside Business (both client and server)
    • Disable Secure Notes (both client and server)
    • Prohibit Sharing (both client and server)
    • Prohibit Sharing Except for Shared Folders (both client and server)
    • Save Personal Sites to Personal vault (both client and server)
    • Disable Fingerprint Reader Authentication (both client and server)
    • Disable Autofill (both client and server)