YubiKey OTP

YubiKey OTP generates a 44-character one-time password when you touch the key. The gateway can validate these OTPs if Yubico credentials are configured.

Note

YubiKey OTP enrollment is not currently exposed in the web UI. It requires gateway configuration and API-level enrollment.

Requirements

YubiKey OTP requires these gateway env vars:

YUBICO_CLIENT_ID=...
YUBICO_SECRET_KEY=...

Using YubiKey OTP

If OTP enrollment is enabled for your account, you can enter a YubiKey OTP anywhere the gateway prompts for an MFA code (web or CLI). Touch the key and paste the OTP.

Recommended Alternative

For most users, WebAuthn is easier to manage and fully supported in the UI:

• WebAuthn