When you create a new MFA you can put the secret key into an encrypted container with the following command. You need to paste the private key for the MFA device that you can copy and paste when creating a new virtual MFA device in the AWS web console.

gpg --armor -e > ~/.aws/<mfa-name>.mfa.asc

The following snipped will allow you to easily access these MFA devices on the shell (make sure you have the oathtool installed). To get a code just run mfa <profile> and enter your passphrase.

The pbcopy will directly copy the 6digit number to the pastebin on Macs. On Linux you might have to tweak that a little bit to suit your needs.