# List of commands

These commands support global options.

# create-account

The create-account command allows you to create an account and, optionally, add an email and join a team.

seald create-account [--display-name <display_name>] [--email <email> [--email-validation <validation_token>] [--force] [--team-id <team_id>]]

# Examples

To create an account:

seald create-account

To create an account with an email :

seald create-account --display-name Tim --email tim@seald.io

To create an account with an email, and join a team:

seald create-account -d Tim -e tim@seald.io -t 00000000-0000-0000-0000-000000000000

To create an account with an email belonging to a pre-validated domain:

seald  create-account -d Tim -e tim@seald.io --force --email-validation 69ddb1130cab76a9f4639e25b442d0358687436bccbf21a3e61bd0c1a2888246107e1cf9fd05f80d607f68fc0c8286ce06275356a01c4bd0e275f055832a5cde

# Options

  • --display-name, -d Display name of the account. If you're using only the CLI, this cannot be changed afterwards. [string] [default: "CLI Account"]
  • --device-name, -n Name of this device (36 chars max) [string] [required]
  • --email, -e Email address of the account. [string] [default: null]
  • --email-validation Automatic email validation token created by the admin. [string] [require: email ]
  • --accept-license, --accept-licence Automatically accept the licence agreement and the privacy policy. [boolean] [default: false]
  • --force, -f If there is a warning, add email anyway without confirmation. [boolean] [default: null]
  • --team-id, -t ID of the team you want to join. Will be ignored if email is not specified. [string] [default: null] [require: email ]
  • --accept-backup-keys Automatically accept all team backup keys (requires to join a team). [boolean] [default: false]
  • --disable-db-password Disable getting asked for a password on DB creation. This option is not available for the desktop application. [boolean] [default: false]

# add-email

The add-email command allows you to add an email to the account.

This operation requires to already have created an account beforehand via the create-account command.

An account requires at least one email to be used, and can have several emails.

To validate the new email, it is necessary to enter a validation code that is sent by email to the address.

If the email address is already associated with another Seald account, a confirmation will be requested. The --force option allows you to skip this confirmation.

If you are using a pre-validated domain, you can use a validation token through the --email-validation option when using the create-account and add-email commands. Using this key automatically validates the email, and adds the user to the team.

seald add-email --email <email> [--email-validation <validation_token>] [--force]

# Example

seald add-email --email tim@seald.io
seald add-email -e tim@seald.io --email-validation <validation_token> --force

# Options:

  • --email, -e Email address of the account. [string] [default: null] [required]
  • --email-validation Automatic email validation token created by the admin. [string]
  • --force, -f If there is a warning, add email anyway without confirmation. [boolean]
  • --accept-backup-keys Automatically accept all team backup keys (requires to join a team). [boolean] [default: false]
  • --auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean]

# list-team-invitations

This operation requires to already have created an account and to have added at least one email.

This operation take no arguments.

seald list-team-invitations

# Example

seald list-team-invitations

Output expected:
team: <team_name>, invited by: <inviter_email>, team ID: <team_id>

# join-team

The join-team command allows you to join a team by accepting an invitation.

Can only be used after account has been created with at least one email.

seald join-team --team-id <team_id>

# Example

$ seald join-team --team-id 00000000-0000-0000-0000-000000000000

# Options

  • --team-id, -t UUID of the team you want to join. Will be ignored if email is not specified. [string] [default: null]
  • --accept-backup-keys Automatically accept all team backup keys [boolean] [default: false]

# list-backup-keys

The list-backup-keys command allows you to list and accept newly created backup keys

Can only be used after account has been created, and has joined a team.

seald list-backup-keys --accept-backup-keys

# Exemple

$ seald list-backup-keys --accept-backup-keys

# Options

  • --accept-backup-keys Automatically accept all team backup keys [boolean] [default: false]

# encrypt

The encrypt command allows you to encrypt one or more files.

Can only be used after account has been created, and has joined a team. If the strict mode is enabled, recipients without Seald are forbidden.

seald encrypt [--output <output_file>] [--recipients-ids <...recipients_ids>] [--recipients-emails <...recipients_emails>] [--recipients-emails-file <recipients_emails_file>] [--force-self] --input <files_to_encrypt..>

# Alias

  • encrypt-file

# Examples

Encrypt a file only for yourself, without asking for confirmation:

seald encrypt --input path/example.pdf --output path/example.pdf.shtml --force-self

Encrypt two files for two recipients:

seald encrypt -i 'path/example.pdf' 'path/annex.pdf' --recipients-ids JqTsYFZAAuSHVGofjmsg8g fjmsg8gJqTsYFZAAuSHVGo --emails 'email@domain.tld' 'email@domain.tld'

Recursively encrypt a folder, with clear files deleted, display a warning if file encryption has failed on some files:

seald encrypt -i path/clearFiles/ -o path/encryptedFiles/ --emails-file path/recipients.txt --recursive --remove --on-error warn

# Options

  • --input, -i, --file, --files, -f Path of the file to encrypt. [array] [required]
  • --output, -o File to write the encrypted file to. Defaults to current directory, with the same name as the clear file + .shtml [string]
  • --recipients-ids, --uids IDs of the recipients to add. Can be of the form UID, or UID:sigchainHash to do a check of the sigchainHash. [array] [default: []]
  • --recipients-emails, --emails Emails of the recipients to add. Can be of the form user@domain.ext, or user@domain.ext:sigchainHash to do a check of the sigchainHash. For non seald users, if your team has the option activated, you can specify a phone number using the format user@domain.ext#+33612345678. [array] [default: []]
  • --recipients-emails-file, --emails-file Path of the file containing the recipients' emails. [string]
  • --force-self Do not ask for confirmation when you set no recipients other than yourself. [boolean]
  • --recursive, -r When given a directory, recursively encrypt all files inside [boolean]
  • --retries When working on multiple files and there is an error, try this number of times. [number] [default: 3]
  • --on-error When working on multiple files and there is an error, what is the behaviour. [string] [choices: "ignore", "warn", "fail"] [default: "fail"]
  • --parallel When working on multiple files, run this number of tasks at the same time. [number] [default: 10]
  • --remove, -R After encrypting a file, remove the clear one. When applied to a directory, also remove the directory. [boolean]
  • --remove-files After encrypting a file, remove the clear one. When applied to a directory, only remove the files inside. [boolean]
  • --on-same-file-name Behaviour when there is a conflict on the output file name [string] [choices: "overwrite", "error", "increment", "skip"] [default: "error"]
  • --auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean]
  • --progress Show progress bar. Enabled by default, use --no-progress to disable it. [boolean] [default: true]
  • --encrypt-for-self Whether or not to include the current user as recipient. [boolean] [default: true]

# decrypt

The decrypt command allows you to decrypt one or more files.

Can only be used after account has been created, and has joined a team.

seald decrypt --file <file_to_decrypt> [--output <output_directory>] [--offline-database <offline_database_path>] [--force] [--safe]

# Alias

  • decrypt-file

# Examples

Decrypt a file:

seald decrypt -i path/example.pdf.shtml -o path/example.pdf

Decrypt a file using a key backup file:

seald decrypt -i path/example.pdf.shtml -o path/example.pdf --offline-database path/backupFile.txt

Decrypt a folder recursively, displaying an alert if certain files cannot be decrypted:

seald decrypt -i path/encryptedFiles/ -o path/clearFiles/ --on-error warn --on-non-seald warn

# Options

  • --input, -i, --file, --files, -f Path of the file to decrypt. [array] [required]
  • --output, --output-dir, -o File to write the clear file to. Defaults to current directory. [string]
  • --offline-database, -d Offline backup of the database. [string]
  • --force, -f Decrypt anyway even if there is a warning, without confirmation. Only when decrypting single files. Always true when decrypting multiple files. [array]
  • --safe, -s Do not decrypt if there is a warning, without confirmation. [boolean]
  • --recursive, -r When given a directory, recursively decrypt all files inside. [boolean]
  • --retries When working on multiple files, and there is an error, try this number of times. [number] [default: 3]
  • --on-error When working on multiple files, and there is an error, what is the behaviour. [string] [choices: "ignore", "warn", "fail"] [default: "fail"]
  • --on-non-seald When working on multiple files, and we encounter a non-seald file, what is the behaviour. [string] [choices: "ignore", "warn", "fail"] [default: "warn"]
  • --parallel When working on multiple files, run this number of tasks at the same time. [number] [default: 10]
  • --remove, -R After decrypting a file, remove the encrypted one. When applied to a directory, also remove the directory. [boolean]
  • --remove-files After decrypting a file, remove the encrypted one. When applied to a directory, only remove the files inside. [boolean]
  • --progress Show progress bar. Enabled by default, use --no-progress to disable it. [boolean] [default: true]

# add-recipients

The add-recipients command allows you to add recipients to an existing encrypted file.

Can only be used after account has been created, and has joined a team. If the strict mode is enabled, recipients without Seald are forbidden.

seald add-recipients [input..]

# Alias

  • authorize-recipients

# Example

Add two users with Seald using their IDs, and two users without Seald using their email address.

seald add-recipients -i path/example.pdf.shtml --uids JqTsYFZAAuSHVGofjmsg8g, fjmsg8gJqTsYFZAAuSHVGo --emails 'email@domain.tld' 'email@domain.tld'

# Options

  • --input, -f, --file, --files, -i Path of the encrypted file or files. [array] [required]
  • --recipients-ids, --uids IDs of the recipients to add. Can be of the form UID, or UID:sigchainHash to do a check of the sigchainHash. [array] [default: []]
  • --recipients-emails, --emails Emails of the recipients to add. Can be of the form user@domain.ext, or user@domain.ext:sigchainHash to do a check of the sigchainHash. For non seald users, if your team has the option activated, you can specify a phone number using the form user@domain.ext#+33612345678. To remove the phone number, use the format email#. [array] [default: []]
  • --recipients-emails-file, --emails-file Path of the file containing the recipients' emails. [string]
  • --recursive, -r When given a directory, recursively authorize all files inside. [boolean]
  • --retries When working on multiple files, and there is an error, try this number of times [number] [default: 3]
  • --on-error When working on multiple files, and there is an error, what is the behaviour [number] [default: 3]
  • --on-non-seald When working on multiple files, and we encounter a non-Seald file, what is the behaviour. [string] [choices: "ignore", "warn", "fail"] [default: "warn"]
  • --parallel When working on multiple files, run this number of tasks at the same time. [number] [default: 10]
  • --auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean]
  • --progress Show progress bar. Enabled by default, use --no-progress to disable it. [boolean] [default: true]

# revoke

The revoke command allows you to revoke recipients to an existing encrypted file.

Can only be used after account has been created, and has joined a team.

seald revoke --file <...files_path> [--revoke-emails <...emails_to_revoke>] [--revoke-emails-file <emails_list_to_revoke>] [--revoke-ids <...ids_to_revoke>]

# Exemple

Revoke two users with seald using their uids, and two users without Seald using their email address:

seald revoke -i path/example.pdf.shtml --uids JqTsYFZAAuSHVGofjmsg8g, fjmsg8gJqTsYFZAAuSHVGo --emails 'email@domain.tld' 'email@domain.tld'

# Options

  • --input, -f, --file, --files, -i Path of the encrypted file or files. [array] [required]
  • --revoke-all, --all Revoke all recipients. [boolean]
  • --revoke-others, --others Revoke everyone except this account. [boolean]
  • --revoke-emails, --emails Emails of the recipients to revoke. [array]
  • --revoke-emails-file, --emails-file File containing emails of the recipients to revoke. [string]
  • --revoke-ids, --uids IDs of the recipients to revoke. [array]
  • --recursive, -r When given a directory, recursively decrypt all files inside. [boolean]
  • --retries When working on multiple files and there is an error, try this number of times. [number] [default: 3]
  • --on-error When working on multiple files and there is an error, what is the behaviour. [string] [choices: "ignore", "warn", "fail"] [default: "fail"]
  • --on-non-seald When working on multiple files and we encounter a non-seald file, what is the behaviour. [string] [choices: "ignore", "warn", "fail"] [default: "warn"]
  • --parallel When working on multiple files, run this number of tasks at the same time. [number] [default: 10]
  • --auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean]
  • --progress Show progress bar. Enabled by default, use --no-progress to disable it. [boolean] [default: true]

# get-file-info

The get-file-info command shows information about an encrypted file. This information is:

  • Recipients.
  • Revoked recipients.
  • Acknowledgement of reading.

Can only be used after account has been created.

seald get-file-info --file <file_path>

# Exemple

Show informations of a file:

seald get-file-info --file path/example.pdf.shtml

# Options

  • --input, -f, --file, --files, -i Path of the encrypted file. [string] [required]

# watch-encrypt

Watch a folder and encrypt all files written to it into another folder. The tree structure is preserved.

Can only be used after account has been created, and has joined a team. If the strict mode is enabled, recipients without Seald are forbidden.

seald watch-encrypt --input <input_folder_path> --output <output_folder_path> [--remove] [--existing] [--recipients-ids <...recipients_ids>] [--recipients-emails <...recipients_emails>] [--recipients-emails-file <recipients_emails_file>]

# Options

  • --input, -i Path of the folder to watch. [string] [required]
  • --output, -o Path of the folder to which to write the encrypted files. [string] [required]
  • --remove, -r Remove cleartext files once encrypted. [boolean]
  • --existing, -e Also encrypt already existing files. [boolean]
  • --retries When there is an error, try this number of times [number] [default: 3]
  • --on-error When there is an error with a file encryption or file removal that exceeded the number of retries, should the process skip this specific file and just print a warning, or should it fail. [string] [choices: "skip", "fail"] [default: "fail"]
  • --recipients-ids, --uids IDs of the recipients to add. Can be of the form UID, or UID:sigchainHash to do a check of the sigchainHash. [array] [default: []]
  • --recipients-emails, --emails Emails of the recipients to add. Can be of the form user@domain.ext, or user@domain.ext:sigchainHash to do a check of the sigchainHash. For non seald users, if your team has the option activated, you can specify a phone number using the format user@domain.ext#+33612345678. [array] [default: []]
  • --recipients-emails-file, --emails-file path of the file containing the recipients' emails. [string]
  • --ignore-files, --ignore List of anymatch glob patterns to ignore. Matches in a case-insensitive way against the file names, not full paths. Do not forget to escape special characters, to avoid them being interpreted by your shell. [array] [default: []]
  • --on-same-file-name Behaviour when there is a conflict on the output file name [string] [choices: "overwrite", "error", "increment", "skip"] [default: "error"]
  • --auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean]
  • --poll-interval Time to wait (in milliseconds) between checks of the file-system. [number] [default: 10000]
  • --stable-time Time to wait (in milliseconds) between checks of a single file to see if it is still being written or not. [number] [default: 500]
  • --method, -m, --watch-method Method to use to watch the input folder. Chokidar is the fastest and most CPU efficient, but in some cases other methods could be more reliable. [required] [choices: "chokidar", "chokidar-poll", "list", "checksum"] [default: "chokidar"]
  • --parallel When working on multiple files, run this number of tasks at the same time (only for chokidar). [number] [default: 10]
  • --encrypt-for-self Whether or not to include the current user as recipient. [boolean] [default: true]

# Example

seald watch-encrypt -i input/path/ -o output/path/ -r -e --uids 'JqTsYFZAAuSHVGofjmsg8g' --on-same-file-name=increment

# create-backup-key

Create a backup key.

Can only be used after account has been created, and has joined a team.

seald create-backup-key [--device-name <device_name>] [--output <output_file>]

# Options

  • --output, -o File to which to output the created key. [string] [default: "./seald-cli-backup.seald_key"]
  • --device-name, -n Name of the backup device. [string] [default: null]

# Example

seald create-backup-key -o path/my-backup-key.seald_key -n my-backup-key

# load-backup-key

Load a backup key.

Can only be used when no account has been created.

seald load-backup-key --key <key_file> [--offline]

# Options

  • --key, -k File from which to load the backup key. [string] [required]
  • --offline Do not try loading account data online after loading the key. [boolean]
  • --disable-db-password Disable getting asked for a password on DB creation. This option is not available for the desktop application. [boolean] [default: false]

# Example

seald load-backup-key --key path/my-backup-key.seald_key --offline

# get-user-info

The get-user-info command shows information about a user. This information is:

  • User's display name.
  • User's id.
  • Hash of its last sigchain block.
  • Validity of its sigchain.
  • User's known emails addresses.

If no arguments are provided, the command returns the information of the account used.

Can only be used after account has been created, and has joined a team.

seald get-user-info [--email email] [--id user-id]

# Options

  • --email, -e Email of the user about whom you want information. [string]
  • --id, -id ID of the user about whom you want information. [string]

# Exemple

Show informations of a user:

seald get-user-info --id G4ChkDGZR0eugk7z1TDwBA
seald get-user-info --email accountEmail-1@seald.io

Output expected:
User informations:
Display name: accountName
User id: G4ChkDGZR0eugk7z1TDwBA
Sigchain hash: ab5c744bff8e537fca62cdb2ef9c966cfda93c579b4113933e04dd245f9f7d4c
Sigchain is valid: true
Known email addresses:
  - accountEmail-1@seald.io
  - accountEmail-2@seald.io

# add-sigchain-transaction

The add-sigchain-transaction allow to manualy add a transaction to recover your sigchain from a bad state.

WARNING

You should not use this by yourself, always ask the Seald support.

Can only be used after account has been created, and has joined a team.

seald add-sigchain-transaction [--type email] [--device-id device-id] [--created-at] [--expire-after] [--encryption-key-hash] [--encryption-key-b64] [--signing-key-hash] [--signing-key-b64] [--signer-key-hash] [--signer-key-b64] [--verify-sigchain]

# Options

  • --type, -t Type of the sigchain operation [string] [required] [choices: "creation", "revocation", "renewal"]
  • --device-id, -d DeviceID of the sigchain operation [string] [required]
  • --created-at, -c Timestamp of the transaction as standard UNIX timestamp. Defaults to now. [number]
  • --expire-after, -a For key creations & renewals, duration in seconds during which they remain valid. Defaults to 3 years. [number]
  • --encryption-key-hash, -e Hash of the operationEncryptionKey. It must be the current encryptionKey of one of the user's devices. Otherwise, use the encryption-key argument. [string]
  • --encryption-key-b64 Full operationEncryptionKey to use, in Base64 format. [string]
  • --signing-key-hash, -s Hash of the operationSigningKey. It must be the current signingKey of one of the user's devices. Otherwise, use the signing-key argument. [string]
  • --signing-key-b64 Full operationSigningKey to use, in Base64 format. [string]
  • --signer-key-hash, -S Hash of the signingKey with which to sign the operation. It must be this device's signingKey, or one of its old signing keys. Otherwise, use the signer-key argument. Defaults to the device's current signing key. [string]
  • --signer-key-b64 Full signingKey with which to sign the operation to use, in Base64 format. [string]
  • --verify-sigchain When adding the transaction, whether the server should verify that this transaction makes the sigchain valid, or not. [boolean] [default: true]

# change-db-password

The change-db-password command can be used to set, change, or delete the database password.

This command is not available for the desktop application.

If a password is set, all the subsequent commands will need this password to be repeated.

TIP

You can provide the database password in the SEALD_DB_PASSWORD environment variable to avoid getting prompted on each start.

Can only be used after database has been created.

seald change-db-password

# request-recovery

The request-recovery command can be used to create an account recovery request.

Can only be used when no account has been created.

seald request-recovery [email] [user-id] [device-name]

# Options

  • --email, -e Email of the account to recover [string] [required]
  • --user-id Id of the account to recover [string]
  • --device-name Name of the current device [string]

# validate-recovery

The validate-recovery command can be used to validate an account recovery request

Can only be used when a recovery request has been created.

seald validate-recovery [challenge]

# Options

  • --challenge, -c Challenge sent by mail. Must be in the form 0000-0000 [string] [required]

# verify-recovery

Instantiate a recovered account

Can only be used when a recovery request has been created, validated, and accepted by a team administrator.

seald verify-recovery

# cancel-recovery-request

Delete the existing recovery request

Can only be used when a recovery request has been created.

seald cancel-recovery-request

# set-device-name

Set the name of the current device

Can only be used after account has been created.

seald set-device-name [device-name]

# Options

  • --device-name, -n Name of this device (36 chars max) [string] [required]

# create-group

Create a group.

Can only be used after account has been created.

seald create-group [group-name] [members-emails] [admins-emails]

# Options

  • --group-name, -n Name of the group [string] [required]
  • --members-emails, --emails Emails of the group members. It must include yourself. [array]
  • --members-ids, --uids IDs of the group members. It must include yourself. [array]
  • --members-emails-file, --emails-file File containing emails of the group members. [string]
  • --admins-emails Emails of the group administrators. Administrators must also be members. It must include yourself. [array]
  • --admins-ids IDs of the group administrators. Administrators must also be members. It must include yourself. [array]
  • --auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean] [default: null]

# renew-group-key

Renew group key.

Can only be used after account has been created.

seald renew-group-key [group-id]

# Options

  • --group-id, --gid ID of the group [string] [required]

# add-group-members

Add members to a group.

Can only be used after account has been created.

seald add-group-members [group-id] [new-members-emails]

# Options

  • --group-id, --gid ID of the group [string] [required]
  • --new-members-emails, --emails Emails of the group members to add. [array]
  • --new-members-ids, --uids IDs of the group members to add. [array]
  • --new-members-emails-file, --emails-file File containing emails of the group members to add. [string]
  • --auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean] [default: null]

# remove-group-members

Remove members from a group.
After removing a user, you should renew group keys.

Can only be used after account has been created.

seald remove-group-members [group-id] [members-to-remove-emails]

# Options

  • --group-id, --gid ID of the group [string] [required]
  • --members-to-remove-emails, --emails Emails of the group members to remove. [array]
  • --members-to-remove-ids, --uids IDs of the group members to remove. [array]
  • --members-to-remove-emails-file, --emails-file File containing emails of the group members to remove. [string]
  • --auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean] [default: null]

# set-group-admin

Set admin status of a group member. Can only be done by group admin.

Can only be used after account has been created.

seald set-group-admin [group-id] [member-email] [--new-status]

# Options

  • --group-id, --gid ID of the group [string] [required]
  • --member-email, --email Email of the group member to set admin status. [string]
  • --member-id, --uid ID of the group member to set admin status. [string]
  • --new-status, -s Status to set [boolean] [required]
  • --auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean] [default: null]

# list-groups

List teams groups.

Can only be used after account has been created.

seald list-groups

# Options

  • --page, -p groups are listed by pages of 10 [number]
  • --mine, -m Shows only the groups of which the user is a member [boolean]
  • --all, -a List all group pages at once [boolean]

# list-group-members

List all members of a group.

Can only be used after account has been created.

seald list-group-members [group-id]

# Options

  • --group-id, --gid ID of the group [string] [required]

# Global options

# Help

To show the help, use the argument --help.

To show the version number, use the argument--version.

# Log and debuging options

Three log levels are available by adding one of the following arguments:

  • --verbose, -v Show logs. [default]
  • --silly Show a lot of logs.
  • --silent Show as little logs as possible.

# Proxy

If Seald-CLI is running on a computer that has to connect through a proxy to access the internet, you can specify the URL of the proxy with the argument --proxy <url>.

# Advanced options

These options are not available for the desktop application.

  • --seald-dir Path of the seald-cli directory. [string] [default: "$HOME/.seald-cli"]
  • --key-size Size of the private keys to generate, in bites. [number] [choices: 1024, 2048, 4096] [default: 4096]
  • --strict-mode Enable strict mode. You will lose some features, but it will be more secure. [boolean] [default: false]
  • --disable-error-reports Disable reporting of errors to Seald. [boolean] [default: false]