dashlane

# Dashlane CLI Access your Dashlane vault from the command line. Read-only access to passwords, secure notes, secrets and OTP codes. ## Installation ```bash brew install dashlane/tap/dashlane-cli ``` ## Authentication First sync to trigger authentication: ```bash dcli sync ``` **Steps:** 1. Enter your Dashlane email 2. **⚠️ IMPORTANT: Open the URL shown in your browser** (device registration) 3. Enter the code received by email 4. Enter your Master Password Check current account: ```bash dcli accounts whoami ``` ## Get a Password ```bash # Search by URL or title (copies password to clipboard by default) dcli p mywebsite dcli password mywebsite # Get specific field dcli p mywebsite -f login # Username/login dcli p mywebsite -f email # Email dcli p mywebsite -f otp # TOTP 2FA code dcli p mywebsite -f password # Password (default) # Output formats dcli p mywebsite -o clipboard # Copy to clipboard (default) dcli p mywebsite -o console # Print to stdout dcli p mywebsite -o json # Full JSON output (all matches) # Search by specific fields dcli p url=example.com dcli p title=MyBank dcli p id=xxxxxx # By vault ID dcli p url=site1 title=site2 # Multiple filters (OR) ``` ## Get a Secure Note ```bash dcli note [filters] dcli n [filters] # Shorthand # Filter by title (default) dcli n my-note dcli n title=api-keys # Output formats: text (default), json dcli n my-note -o json ``` ## Get a Secret Dashlane secrets are a dedicated content type for sensitive data. ```bash dcli secret [filters] # Filter by title (default) dcli secret api_keys dcli secret title=api_keys -o json ``` ## Other Commands ```bash # Sync vault manually (auto-sync every hour by default) dcli sync # Lock the vault (requires master password to unlock) dcli lock # Logout completely dcli logout # Backup vault to current directory dcli backup dcli backup --directory /path/to/backup ``` ## Configuration ```bash # Save master password in OS keychain (default: true) dcli configure save-master-password true # Disable auto-sync dcli configure disable-auto-sync true # Enable biometrics unlock (macOS only) dcli configure user-presence --method biometrics # Disable user presence check dcli configure user-presence --method none ``` ## Persistence by Platform ### macOS Master password is stored in the **Keychain** by default. Survives reboots. ```bash dcli configure save-master-password true ``` ### Linux (server/headless) No native keychain. Options: 1. **Environment variable** (less secure, but simple): ```bash export DASHLANE_MASTER_PASSWORD="..." ``` 2. **Local encrypted file**: `save-master-password true` stores in `~/.local/share/dcli/` 3. **External secret manager** (Vault, AWS Secrets, etc.) to inject the variable ### Docker / CI Use the `DASHLANE_MASTER_PASSWORD` environment variable passed to the container. ```bash docker run -e DASHLANE_MASTER_PASSWORD="..." myimage ``` ### SSO / Passwordless Not supported by dcli yet — requires a classic master password. ## Advanced: Inject Secrets ```bash # Inject secrets into environment variables dcli exec -- mycommand # Inject into templated files dcli inject < template.txt > output.txt # Read secret by path dcli read "dl://vault/secret-id" ``` ## Examples ### Get OTP for 2FA ```bash dcli p github -f otp # Returns: 123456 (25s remaining) ``` ### SSH Keys from Vault Store private key in a secure note, then: ```bash dcli n SSH_KEY | ssh-add - ``` ### Scripting ```bash # Get password for a script PASSWORD=$(dcli p myservice -o console) # Get JSON and parse with jq dcli p myservice -o json | jq -r '.[0].password' ``` ## Troubleshooting - **Locked?** Run `dcli sync` to unlock - **SSO users:** Need Chrome installed + visual interface - **Password-less:** Not supported yet - **Debug mode:** `dcli --debug <command>` Docs: https://cli.dashlane.com