CLI
Vault Commands
Create, unlock, and manage the AES-256-GCM encrypted secret vault from the command line. The same vault file is shared with the VS Code extension.
Create Vault
Initialize a new encrypted vault with a master password.
openpost vault create
Prompts for master password (interactive)
Creates
~/.openpost/global/vault.encSame vault used by the VS Code extension — secrets are shared
Unlock
Unlock the vault for the current CLI session.
openpost vault unlock
Prompts for password
Unlocks for the current CLI session
Required before
add-secret or list-secrets with valuesAdd Secret
Add or update a secret in the vault. Vault must be unlocked first.
openpost vault add-secret <key> <value>
# Example:
openpost vault add-secret stripe_key sk_live_abc123
Vault must be unlocked
Adds or updates the secret (upsert behavior)
List Secrets
View stored secrets — masked by default, with an option to reveal values.
# Masked output:
openpost vault list-secrets
# → stripe_key ••••
# → db_password ••••
# Reveal values (JSON):
openpost vault list-secrets --json
Default output masks values:
key ••••--json reveals actual valuesUseful for CI/CD secret verification
License
Activate and check license status from the CLI.
openpost license activate <jwt-key>
openpost license status
Shows: valid/expired, expiry date, machine ID