@seald-io/cli
v5.5.0
Published
CLI utility for Seald
Downloads
46
Readme
Seald-CLI
Usage
seald <command>
Commands:
seald create-account [display-name] [email] [team-id] Create an account
seald list-team-invitations List team invitations
seald join-team [team-id] Join team by id
seald list-backup-keys List new backup keys
seald create-backup-key [output] Create a backup key
seald load-backup-key [key] Load a backup key
seald add-email [email] Add an email to the account
seald validate-email [email] [code] Validate an email connector already added to the account
seald encrypt [input..] Encrypt files [aliases: encrypt-file]
seald decrypt [input..] Decrypt a file [aliases: decrypt-file]
seald watch-encrypt [input] [output] Watch a folder and encrypt all files written to it into another folder
seald add-recipients [input..] Authorize new recipients to read an encrypted file [aliases: authorize-recipients]
seald get-file-info [input] Get information about an encrypted file
seald get-user-info [--email email] [--id user-id] Get information about a user. Enter an email with `--email`, a user-id with `--id` to get information about a contact, or no argument at all to get information about your own account.
seald revoke [input..] Revoke recipients from reading an encrypted file
seald add-sigchain-transaction Manually add a sigchain transaction to recover your sigchain from a bad state. You should not use this by yourself, always ask the Seald support.
seald cancel-recovery-request Cancel the current account recovery request
seald request-recovery [email] [user-id] [device-name] Create an account recovery request
seald validate-recovery [challenge] Validate an account recovery request
seald verify-recovery Instantiate a recovered account
seald set-device-name [device-name] Set the name of the current device
seald create-group Create a group
seald renew-group-key Renew group key
seald add-group-members Add members to a group
seald remove-group-members Remove members from a group
seald set-group-admin Set admin status of a group member. Can only be done by group admin.
seald list-groups List teams groups.
seald list-group-members List all members of a group.
seald use-jwt Use a JSON Web Token to join a team, or to add a connector to the current user.
seald change-db-password Change the database password
Options:
--help Show help [boolean]
--verbose, -v Show logs. [boolean]
--silly Show a _lot_ of logs. [boolean]
--silent Show as little logs as possible. [boolean]
--strict-mode Use Seald's strict mode. You will lose some features but it will be more secure. See the documentation. [boolean] [default: false]
--interactive Set to `false` to force Seald to never await user input (confirmation, questions, password). [boolean] [default: true]
--api-url URL of the Seald API server. [string] [default: "https://api.seald.io/"]
--decrypt-url URL of the Seald decrypt server. [string] [default: "https://decrypt.seald.io/"]
--issuer-fingerprint Fingerprint of the certificate of the issuer of the API server's certificate. Multiple certificates can be comma-separated. [string] [default: "67:AD:D1:16:6B:02:0A:E6:1B:8F:5F:C9:68:13:C0:4C:2A:A5:89:96:07:96:86:55:72:A3:C7:E7:37:61:3D:FD,73:0C:1B:DC:D8:5F:57:CE:5D:C0:BB:A7:33:E5:F1:BA:5A:92:5B:2A:77:1D:64:0A:26:F7:A4:54:22:4D:AD:3B,46:49:4E:30:37:90:59:DF:18:BE:52:12:43:05:E6:06:FC:59:07:0E:5B:21:07:6C:E1:13:95:4B:60:51:7C:DA,1A:07:52:9A:8B:3F:01:D2:31:DF:AD:2A:BD:F7:18:99:20:0B:B6:5C:D7:E0:3C:59:FA:82:27:25:33:35:5B:74,5A:8F:16:FD:A4:48:D7:83:48:1C:CA:57:A2:42:8D:17:4D:AD:8C:60:94:3C:EB:28:F6:61:AE:31:FD:39:A5:FA,BA:CD:E0:46:30:53:CE:1D:62:F8:BE:74:37:0B:BA:E7:9D:4F:CA:F1:9F:C0:76:43:AE:F1:95:E6:A5:9B:D5:78,73:1D:3D:9C:FA:A0:61:48:7A:1D:71:44:5A:42:F6:7D:F0:AF:CA:2A:6C:2D:2F:98:FF:7B:3C:E1:12:B1:F5:68,25:84:7D:66:8E:B4:F0:4F:DD:40:B1:2B:6B:07:40:C5:67:DA:7D:02:43:08:EB:6C:2C:96:FE:41:D9:DE:21:8D"]
--proxy URL of the proxy to use [string] [default: null]
--seald-dir Path of the seald-cli directory. [string] [default: "$HOME/.seald-cli"]
--key-size Size of the private keys to generate. [number] [choices: 1024, 2048, 4096] [default: 4096]
--disable-error-reports Disable reporting of errors to Seald [boolean] [default: false]
--disable-db-password Disable getting asked for a password on DB creation [boolean] [default: false]
--version Show version number [boolean]
create-account
seald create-account [display-name] [email] [team-id]
Create an account
Options:
--display-name, -d Display Name of the account. [default: "CLI Account"]
--email, -e Email address of the account. [string] [default: null]
--team-id, -t UUID of the team you want to join. Will be ignored if email is not specified
--email-validation Automatic email validation token created by the admin [string]
--force, -f If there is a warning, add email anyway without confirmation. [boolean]
--accept-license, --accept-licence Assert that you have read and fully accept the license agreement ( https://www.seald.io/licence-agreement ) and the privacy policy ( https://www.seald.io/privacy-policy ). [boolean]
--accept-backup-keys Automatically accept all team backup keys [boolean]
--device-name, -n Name of this device (36 chars max) [string] [default: null]
--signup-jwt, --jwt JWT to use. [string]
Can only be used when no account has been created.
Team-id will be ignored if email is not specified.
list-team-invitations
seald list-team-invitations
List team invitations
Can only be used after account has been created and an email added, but before a team has been joined.
join-team
seald join-team [team-id]
Join team by id
Options:
--team-id, -t UUID of the team you want to join [string] [required] [default: null]
--accept-backup-keys Automatically accept all team backup keys [boolean]
Can only be used after account has been created and an email added, but before a team has been joined.
list-backup-keys
seald list-backup-keys
List new backup keys
Options:
--accept-backup-keys Automatically accept all team backup keys [boolean]
Can only be used after account has been created.
create-backup-key
seald create-backup-key [output]
Create a backup key
Options:
--output, -o File to which to output the created key [string] [default: "./seald-cli-backup.seald_key"]
--device-name, -n Name of the backup device [string] [default: null]
--key-password, -p Password to encrypt the key export. Empty string to export an unprotected key. If not specified, the CLI will ask for it later. [string]
Can only be used after account has been created.
load-backup-key
seald load-backup-key [key]
Load a backup key
Options:
--key, -k File from which to load the backup key. [string] [required]
--offline Do not try loading account data online after loading the key. [boolean]
--key-password, -p Password used to encrypt the exported key. If not specified, the CLI will ask for it later. [string]
Can only be used when no account has been created.
add-email
seald add-email [email]
Add an email to the account
Options:
--email, -e Email address of the account. [string] [required]
--email-validation Automatic email validation token created by the admin [string]
--skip-validation Do not valide the email. Email will need to be validated later using the `validate-email` command. [boolean] [default: false]
--force, -f If there is a warning, add email anyway without confirmation. [boolean]
--accept-backup-keys Automatically accept all team backup keys [boolean]
--auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean] [default: null]
Can only be used after account has been created.
encrypt
seald encrypt [input..]
Encrypt files
Options:
--input, -f, --file, --files, -i Path of the file to encrypt. [array] [required]
--output, -o File to write the encrypted file to. Defaults to current directory, with the same name as the clear file + .seald [string]
--recipients-ids, --uids IDs of the recipients to add. Can be of the form 'UID', or 'UID:sigchainHash' to do a check of the sigchainHash. [array] [default: []]
--recipients-emails, --emails Emails of the recipients to add. Can be of the form '[email protected]', or '[email protected]:sigchainHash' to do a check of the sigchainHash. For non seald user, if your team has the option, you can specify a phone number using the form '[email protected]#+33612345678' [array] [default: []]
--recipients-emails-file, --emails-file path of the file containing the recipients' emails [string]
--force-self Do not ask for confirmation when you set no recipients other than yourself. Force to `true` when CLI is not in interactive mode [boolean]
--recursive, -r When given a directory, recursively encrypt all files inside. [boolean]
--retries When working on multiple files and there is an error, try this number of times [number] [default: 3]
--on-error When working on multiple files and there is an error, what is the behaviour [string] [choices: "ignore", "warn", "fail"] [default: "fail"]
--parallel When working on multiple files, run this number of tasks at the same time [number] [default: 10]
--remove, -R After encrypting a file, remove the clear one. When applied to a directory, also remove the directory. [boolean]
--remove-files After encrypting a file, remove the clear one. When applied to a directory, only remove the files inside. [boolean]
--on-same-file-name Behaviour when there is a conflict on the output file name [string] [choices: "overwrite", "error", "increment", "skip"] [default: "error"]
--auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean] [default: null]
--progress Show progress bar [boolean] [default: true]
--encrypt-for-self Whether or not to include the current user as recipient. [boolean] [default: true]
Can only be used after account has been created.
decrypt
seald decrypt [input..]
Decrypt a file
Options:
--input, -f, --file, --files, -i Path of the file to decrypt. [array] [required]
--output, --output-dir, -o Directory to write the decrypted file to. Defaults to current directory. [string]
--offline-database, -d Offline backup of the database. [string]
--force, -f Decrypt anyway even if there is a warning, without confirmation. Only when decrypting single files. Always true when decrypting multiple files. [array]
--safe, -s Do not decrypt if there is a warning, without confirmation.
--recursive, -r When given a directory, recursively decrypt all files inside. [boolean]
--retries When working on multiple files and there is an error, try this number of times [number] [default: 3]
--on-error When working on multiple files and there is an error, what is the behaviour [string] [choices: "ignore", "warn", "fail"] [default: "fail"]
--on-non-seald When working on multiple files and we encounter a non-seald file, what is the behaviour [string] [choices: "ignore", "warn", "fail"] [default: "warn"]
--parallel When working on multiple files, run this number of tasks at the same time [number] [default: 10]
--remove, -R After decrypting a file, remove the encrypted one. When applied to a directory, also remove the directory. [boolean]
--remove-files After decrypting a file, remove the encrypted one. When applied to a directory, only remove the files inside. [boolean]
--progress Show progress bar [boolean] [default: true]
Can only be used after account has been created.
watch-encrypt
seald watch-encrypt [input] [output]
Watch a folder and encrypt all files written to it into another folder
Options:
--input, -i Path of the folder to watch. [string] [required]
--output, -o Path of the folder to which to write the encrypted files. [string] [required]
--remove, -r Remove cleartext files once encrypted. [boolean]
--existing, -e Also encrypt already existing files. [boolean]
--retries When there is an error, try this number of times [number] [default: 3]
--on-error When there is an error with a file encryption or file removal that exceeded the number of retries, should the process skip this specific file and just print a warning, or should it fail. [string] [choices: "skip", "fail"] [default: "fail"]
--recipients-ids, --uids IDs of the recipients to add. Can be of the form 'UID', or 'UID:sigchainHash' to do a check of the sigchainHash. [array] [default: []]
--recipients-emails, --emails Emails of the recipients to add. Can be of the form '[email protected]', or '[email protected]:sigchainHash' to do a check of the sigchainHash. For non seald user, if your team has the option, you can specify a phone number using the form '[email protected]#+33612345678' [array] [default: []]
--recipients-emails-file, --emails-file Path of the file containing the recipients' emails [string]
--ignore-files, --ignore List of anymatch glob patterns to ignore. Matches in a case-insensitive way against the file names, not full paths. Do not forget to escape special characters, to avoid them being interpreted by your shell. [array] [default: []]
--on-same-file-name Behaviour when there is a conflict on the output file name [string] [choices: "overwrite", "error", "increment", "skip"] [default: "error"]
--auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean] [default: null]
--poll-interval Time to wait (in milliseconds) between checks of the file-system. [number] [default: 10000]
--stable-time Time to wait (in milliseconds) between checks of a single file to see if it is still being written or not. [number] [default: 500]
--method, -m, --watch-method Method to use to watch the input folder. Chokidar is the fastest and most CPU efficient, but in some cases other methods could be more reliable. [required] [choices: "chokidar", "chokidar-poll", "list", "checksum"] [default: "chokidar"]
--parallel When working on multiple files, run this number of tasks at the same time (only for chokidar). [number] [default: 10]
--encrypt-for-self Whether or not to include the current user as recipient. [boolean] [default: true]
Can only be used after account has been created.
add-recipients
seald add-recipients [input..]
Authorize new recipients to read an encrypted file
Options:
--input, -f, --file, --files, -i Path of the encrypted file or files. [array] [required]
--recipients-ids, --uids IDs of the recipients to add. Can be of the form 'UID', or 'UID:sigchainHash' to do a check of the sigchainHash. [array] [default: []]
--recipients-emails, --emails Emails of the recipients to add. Can be of the form '[email protected]', or '[email protected]:sigchainHash' to do a check of the sigchainHash. For non seald user, if your team has the option, you can specify a phone number using the form '[email protected]#+33612345678'. To remove the phone number, use the form 'email#' [array] [default: []]
--recipients-emails-file, --emails-file path of the file containing the recipients' emails [string]
--recursive, -r When given a directory, recursively authorize all files inside. [boolean]
--retries When working on multiple files and there is an error, try this number of times [number] [default: 3]
--on-error When working on multiple files and there is an error, what is the behaviour [string] [choices: "ignore", "warn", "fail"] [default: "fail"]
--on-non-seald When working on multiple files and we encounter a non-seald file, what is the behaviour [string] [choices: "ignore", "warn", "fail"] [default: "warn"]
--parallel When working on multiple files, run this number of tasks at the same time [number] [default: 10]
--auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean] [default: null]
--progress Show progress bar [boolean] [default: true]
Can only be used after account has been created.
get-file-info
seald get-file-info [input]
Get information about an encrypted file
Options:
--input, -f, --file, -i [string]
Can only be used after account has been created.
get-user-info
seald get-user-info [--email email] [--id user-id]
Get information about a user. Enter an email with `--email`, a user-id with `--id` to get information about a contact, or no argument at all to get information about your own account.
Options:
--email, -e Email of the user about whom you want information [string]
--id ID of the user about whom you want information [string]
Can only be used after account has been created.
revoke
seald revoke [input..]
Revoke recipients from reading an encrypted file
Options:
--input, -f, --file, --files, -i Path of the encrypted file. [array] [required]
--revoke-all, --all Revoke all recipients. [boolean]
--revoke-others, --others Revoke everyone except me. [boolean]
--revoke-emails, --emails Emails of the recipients to revoke. [array]
--revoke-emails-file, --emails-file File containing emails of the recipients to revoke. [string]
--revoke-ids, --uids IDs of the recipients to revoke. [array]
--recursive, -r When given a directory, recursively revoke all files inside. [boolean]
--retries When working on multiple files and there is an error, try this number of times [number] [default: 3]
--on-error When working on multiple files and there is an error, what is the behaviour [string] [choices: "ignore", "warn", "fail"] [default: "fail"]
--on-non-seald When working on multiple files and we encounter a non-seald file, what is the behaviour [string] [choices: "ignore", "warn", "fail"] [default: "warn"]
--parallel When working on multiple files, run this number of tasks at the same time [number] [default: 10]
--auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean] [default: null]
--progress Show progress bar [boolean] [default: true]
Can only be used after account has been created.
add-sigchain-transaction
seald add-sigchain-transaction
Manually add a sigchain transaction to recover your sigchain from a bad state. You should not use this by yourself, always ask the Seald support.
Options:
--type, -t Type of the sigchain operation [string] [required] [choices: "creation", "revocation", "renewal"]
--device-id, -d DeviceID of the sigchain operation [string] [required]
--created-at, -c Timestamp of the transaction as standard UNIX timestamp. Defaults to now. [number]
--expire-after, -a For key creations & renewals, duration in seconds during which they remain valid. Defaults to 3 years. [number]
--encryption-key-hash, -e Hash of the operationEncryptionKey. It must be the current encryptionKey of one of the user's devices. Otherwise, use the `encryption-key` argument. [string]
--encryption-key-b64 Full operationEncryptionKey to use, in Base64 format. [string]
--signing-key-hash, -s Hash of the operationSigningKey. It must be the current signingKey of one of the user's devices. Otherwise, use the `signing-key` argument. [string]
--signing-key-b64 Full operationSigningKey to use, in Base64 format. [string]
--signer-key-hash, -S Hash of the signingKey with which to sign the operation. It must be this device's signingKey, or one of its old signing keys. Otherwise, use the `signer-key` argument. Defaults to the device's current signing key. [string]
--signer-key-b64 Full signingKey with which to sign the operation to use, in Base64 format. [string]
--verify-sigchain When adding the transaction, whether or not the server should verify that this transaction makes the sigchain valid. [boolean] [default: true]
Can only be used after account has been created.
change-db-password
seald change-db-password
Change the database password
To automate processes, you can provide the database password in the `SEALD_DB_PASSWORD` environment variable to avoid getting prompted on each start.
cancel-recovery-request
seald cancel-recovery-request
Cancel the current account recovery request
Can only be used when a recovery request has been created.
request-recovery
seald request-recovery [email] [user-id] [device-name]
Create an account recovery request
Options:
--email, -e Email of the account to recover [string] [required]
--user-id ID of the account to recover [string]
--device-name, -n Name of this device (36 chars max) [string]
--skip-validation Do not interactively await the validation code send by mail. You can validate it later using the `validate-recovery` command. [boolean] [default: false]
Can only be used when no account has been created.
validate-recovery
seald validate-recovery [challenge]
Validate an account recovery request
Options:
--challenge, -c Challenge sent by mail. Must be in the from 0000-0000 [string] [required]
Can only be used when a recovery request has been created.
verify-recovery
seald verify-recovery
Instantiate a recovered account
Can only be used when a recovery request has been created, validated, and accepted by a team administrator.
set-device-name
seald set-device-name [device-name]
Set the name of the current device
Options:
--device-name, -n Name of this device (36 chars max) [string] [required]
Can only be used after account has been created.
create-group
seald create-group
Create a group
Options:
--group-name, -n Name of the group [string] [required]
--members-emails, --emails Emails of the group members. It must include yourself. [array]
--members-ids, --uids IDs of the group members. It must include yourself. [array]
--members-emails-file, --emails-file File containing emails of the group members. [string]
--admins-emails Emails of the group administrators. Administrators must also be members. It must include yourself. [array]
--admins-ids IDs of the group administrators. Administrators must also be members. It must include yourself. [array]
--auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean] [default: null]
Can only be used after account has been created.
renew-group-key
seald renew-group-key
Renew group key
Options:
--group-id, --gid ID of the group [string] [required]
Can only be used after account has been created.
add-group-members
seald add-group-members
Add members to a group
Options:
--group-id, --gid ID of the group [string] [required]
--new-members-emails, --emails Emails of the group members to add. [array]
--new-members-ids, --uids IDs of the group members to add. [array]
--new-members-emails-file, --emails-file File containing emails of the group members to add. [string]
--auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean] [default: null]
Can only be used after account has been created.
remove-group-members
seald remove-group-members
Remove members from a group
Options:
--group-id, --gid ID of the group [string] [required]
--members-to-remove-emails, --emails Emails of the group members to remove. [array]
--members-to-remove-ids, --uids IDs of the group members to remove. [array]
--members-to-remove-emails-file, --emails-file File containing emails of the group members to remove. [string]
--auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean] [default: null]
Can only be used after account has been created.
set-group-admin
seald set-group-admin
Set admin status of a group member. Can only be done by group admin.
Options:
--group-id, --gid ID of the group [string] [required]
--member-email, --email Email of the group member to set admin status. [string]
--member-id, --uid Id of the group member to set admin status. [string]
--new-status, -s Status to set [boolean] [required]
--auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean] [default: null]
Can only be used after account has been created.
list-groups
seald list-groups
List teams groups.
Options:
--page, -p groups are listed by pages of 10 [number]
--mine, -m Shows only the groups of which the user is a member [boolean]
--all, -a List all group pages at once [boolean]
Can only be used after account has been created.
list-group-members
seald list-group-members
List all members of a group.
Options:
--group-id, --gid ID of the group [string] [required]
Can only be used after account has been created.
validate-email
seald validate-email [email] [code]
Validate an email connector already added to the account
Options:
--email, -e Email address to validate. You must specify either `email` or `email-connector-id`. [string]
--email-connector-id, --id ID of the email connector to validate. You must specify either `email` or `email-connector-id`. [string]
--validation-code, --code Validation code sent to the email address. [string] [required]
Can only be used after account has been created.
use-jwt
seald use-jwt
Use a JSON Web Token to join a team, or to add a connector to the current user.
Options:
--jwt JWT to use [string] [required]
--accept-backup-keys Automatically accept all team backup keys (only if the JWT adds you to a team) [boolean]
Can only be used after account has been created.