← Back to Overview

CLI

Vault Commands

Create, unlock, and manage the AES-256-GCM encrypted secret vault from the command line. The same vault file is shared with the VS Code extension.

Create Vault

Initialize a new encrypted vault with a master password.

openpost vault create
Prompts for master password (interactive)
Creates ~/.openpost/global/vault.enc
Same vault used by the VS Code extension — secrets are shared

Unlock

Unlock the vault for the current CLI session.

openpost vault unlock
Prompts for password
Unlocks for the current CLI session
Required before add-secret or list-secrets with values

Add Secret

Add or update a secret in the vault. Vault must be unlocked first.

openpost vault add-secret <key> <value>

# Example:
openpost vault add-secret stripe_key sk_live_abc123
Vault must be unlocked
Adds or updates the secret (upsert behavior)

List Secrets

View stored secrets — masked by default, with an option to reveal values.

# Masked output:
openpost vault list-secrets
# → stripe_key  ••••
# → db_password ••••

# Reveal values (JSON):
openpost vault list-secrets --json
Default output masks values: key ••••
--json reveals actual values
Useful for CI/CD secret verification

License

Activate and check license status from the CLI.

openpost license activate <jwt-key>
openpost license status
Shows: valid/expired, expiry date, machine ID

Next

Ko-fi