How to get a YubiKey credential for shell scripts
scottshipp
Posted on September 29, 2021
tl;dr
The tl;dr is:
# read the YubiKey
echo "Press your YubiKey"
read -rs YUBIKEY
What is a YubiKey?
A YubiKey is a hardware device made by Yubico that is used as a factor in multi-factor authentication (MFA).
Generally, it's a USB device that is used to obtain access to sensitive resources.
Scripting a YubiKey
Yubico provides a CLI, ykman, for the YubiKey. ykman is intended to let IT administrators configure YubiKeys for their organizations.
I thought that it would be cool to have some shell scripts around for common APIs within my organization, but some of these require a credential generated from my YubiKey. My logic was that perhaps ykman could script the YubiKey credential generation for me.
I googled for an hour and only came up with a couple of discussions about this. Unfortunately, one of them held some bad news:
I don't think there is a way to programmatically get a YubiOTP from the YubiKey
from discussion on ykman issue 400
The solution
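The solution is a quick-and-dirty "silent read" from the terminal. When pressed, the YubiKey types its credential into the terminal like a keyboard, so read can capture it; the -s option keeps the credential from being echoed to the screen and -r leaves backslashes uninterpreted: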
# read the YubiKey
echo "Press your YubiKey"
read -rs YUBIKEY
echo "Thank you"
I thought I'd post that in case someone else goes searching for it in the future.
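A hardened variant of the silent read, as an added example that is not from the original post: it assumes the key emits a Yubico OTP (32 to 48 modhex characters), rejects any other input, and uses stty -echo in place of read -s so that it also runs under plain sh, where read -s is not available. The function names is_yubico_otp and read_yubikey are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): silent, validated read.
# Assumption: the touched slot emits a Yubico OTP, i.e. 32-48 characters
# drawn from the modhex alphabet "cbdefghijklnrtuv".

# Return 0 if $1 has the Yubico OTP shape, 1 otherwise.
is_yubico_otp() {
    case $1 in
        '' | *[!cbdefghijklnrtuv]*) return 1 ;;  # empty or non-modhex char
    esac
    [ "${#1}" -ge 32 ] && [ "${#1}" -le 48 ]
}

# Read one line into YUBIKEY without echoing it. On bad input the variable
# is unset, so a mistyped password never lingers in the script.
read_yubikey() {
    _rc=0
    printf 'Press your YubiKey\n' >&2    # prompt on stderr, stdout stays clean
    if [ -t 0 ]; then
        _saved_tty=$(stty -g)
        # Restore echo even if the user hits Ctrl-C at the prompt.
        trap 'stty "$_saved_tty"; exit 130' INT TERM
        stty -echo
        IFS= read -r YUBIKEY || _rc=1
        stty "$_saved_tty"
        trap - INT TERM
    else
        IFS= read -r YUBIKEY || _rc=1    # piped input: nothing to hide
    fi
    if [ "$_rc" -ne 0 ] || ! is_yubico_otp "$YUBIKEY"; then
        unset YUBIKEY
        printf 'Input is not a Yubico OTP\n' >&2
        return 1
    fi
    printf 'Thank you\n' >&2
}

# Usage in a script:
#   read_yubikey || exit 1
#   ...use "$YUBIKEY" once, then: unset YUBIKEY
# Do not export YUBIKEY or place it on another program's command line,
# where it would be visible in the process list.
```

The shape check catches a press that landed in the wrong window or a password typed by mistake; it does not verify the OTP, which only the validating service can do.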