SkyCMD
SkyCMD
Toggle sidebar
Home
Projects
Viscosity OTP

Viscosity OTP

View on GitHub

SkyCMD Labs

·

Mar 6, 2026

Viscosity OTP automates one-time password entry for Viscosity VPN connections on macOS. Instead of manually copying a code from your authenticator app and pasting it every time you connect, the OTP is fetched and submitted automatically in the background.

How It Works

Viscosity 1.10.5+ supports challenge response in Before Connect scripts. Viscosity OTP provides a single AppleScript that runs before each connection. It reads the VPN connection name, looks up a configured shell command, executes it to retrieve the OTP, and returns it to Viscosity — all within seconds, with no interaction required beyond approving any biometric prompts.

Provider Agnostic

Unlike tools that are locked to a single password manager, Viscosity OTP works with anything that has a command-line interface. If it can output a TOTP code, it works. Supported providers include:

  • 1Password (via the op CLI with Touch ID support)

  • Bitwarden (via the bw CLI)

  • KeePassXC (via keepassxc-cli)

  • oathtool (for standalone TOTP generation)

  • Any custom script or API call

You can even mix providers — use 1Password for one VPN and Bitwarden for another. Each connection is configured independently.

Simple Configuration

No config files, no dependencies, no build steps. Configuration uses native macOS preferences via the defaults command. One command maps a VPN connection to an OTP source. The script handles the rest.

Error Handling

When something goes wrong — a missing configuration, an expired session, or a failed command — a clear error dialog appears with actionable details so you know exactly what to fix.

Open Source

Viscosity OTP is open source under the MIT licence. It consists of a single AppleScript file with no external dependencies beyond your chosen OTP provider.

© 2015–2026 SkyCMD and SkyCMD Labs. All rights reserved.