Seald: documentation

English

Français

English

Français

List of commands

These commands support global options.

create-account

The create-account command allows you to create an account and, optionally, add an email and join a team.

bash
seald create-account [--display-name <display_name>] [--email <email> [--email-validation <validation_token>] [--force] [--team-id <team_id>]]

Examples

To create an account:

bash
seald create-account

To create an account with an email :

bash
seald create-account --display-name Tim --email tim@seald.io

To create an account with an email, and join a team:

bash
seald create-account -d Tim -e tim@seald.io -t 00000000-0000-0000-0000-000000000000

To create an account with an email belonging to a pre-validated domain:

bash
seald  create-account -d Tim -e tim@seald.io --force --email-validation 69ddb1130cab76a9f4639e25b442d0358687436bccbf21a3e61bd0c1a2888246107e1cf9fd05f80d607f68fc0c8286ce06275356a01c4bd0e275f055832a5cde

Options

  • --display-name, -d Display name of the account. If you're using only the CLI, this cannot be changed afterwards. [string] [default: "CLI Account"]
  • --device-name, -n Name of this device (36 chars max) [string] [required]
  • --email, -e Email address of the account. [string] [default: null]
  • --email-validation Automatic email validation token created by the admin. [string] [require: email ]
  • --accept-license, --accept-licence Automatically accept the licence agreement and the privacy policy. [boolean] [default: false]
  • --force, -f If there is a warning, add email anyway without confirmation. [boolean] [default: null]
  • --team-id, -t ID of the team you want to join. Will be ignored if email is not specified. [string] [default: null] [require: email ]
  • --accept-backup-keys Automatically accept all team backup keys (requires to join a team). [boolean] [default: false]
  • --disable-db-password Disable getting asked for a password on DB creation. This option is not available for the desktop application. [boolean] [default: false]
  • --signup-jwt, --jwt JWT to use. [string]

add-email

The add-email command allows you to add an email to the account.

This operation requires to already have created an account beforehand via the create-account command.

An account requires at least one email to be used, and can have several emails.

To validate the new email, it is necessary to enter a validation code that is sent by email to the address.

If the email address is already associated with another Seald account, a confirmation will be requested. The --force option allows you to skip this confirmation.

If you are using a pre-validated domain, you can use a validation token through the --email-validation option when using the create-account and add-email commands. Using this key automatically validates the email, and adds the user to the team.

bash
seald add-email --email <email> [--email-validation <validation_token>] [--force]

Example

bash
seald add-email --email tim@seald.io
seald add-email -e tim@seald.io --email-validation <validation_token> --force

Options:

  • --email, -e Email address of the account. [string] [default: null] [required]
  • --email-validation Automatic email validation token created by the admin. [string]
  • --skip-validation Do not valide the email. Email will need to be validated later using the validate-email command. [boolean] [default: false]
  • --force, -f If there is a warning, add email anyway without confirmation. [boolean]
  • --accept-backup-keys Automatically accept all team backup keys (requires to join a team). [boolean] [default: false]
  • --auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean]

list-team-invitations

This operation requires to already have created an account and to have added at least one email.

This operation take no arguments.

bash
seald list-team-invitations

Example

bash
seald list-team-invitations

Output expected:
team: <team_name>, invited by: <inviter_email>, team ID: <team_id>

join-team

The join-team command allows you to join a team by accepting an invitation.

Can only be used after account has been created with at least one email.

bash
seald join-team --team-id <team_id>

Example

bash
$ seald join-team --team-id 00000000-0000-0000-0000-000000000000

Options

  • --team-id, -t UUID of the team you want to join. Will be ignored if email is not specified. [string] [default: null]
  • --accept-backup-keys Automatically accept all team backup keys [boolean] [default: false]

list-backup-keys

The list-backup-keys command allows you to list and accept newly created backup keys

Can only be used after account has been created, and has joined a team.

bash
seald list-backup-keys --accept-backup-keys

Exemple

bash
$ seald list-backup-keys --accept-backup-keys

Options

  • --accept-backup-keys Automatically accept all team backup keys [boolean] [default: false]

encrypt

The encrypt command allows you to encrypt one or more files.

Can only be used after account has been created, and has joined a team. If the strict mode is enabled, recipients without Seald are forbidden.

bash
seald encrypt [--output <output_file>] [--recipients-ids <...recipients_ids>] [--recipients-emails <...recipients_emails>] [--recipients-emails-file <recipients_emails_file>] [--force-self] --input <files_to_encrypt..>

Alias

  • encrypt-file

Examples

Encrypt a file only for yourself, without asking for confirmation:

bash
seald encrypt --input path/example.pdf --output path/example.pdf.seald --force-self

Encrypt two files for two recipients:

bash
seald encrypt -i 'path/example.pdf' 'path/annex.pdf' --recipients-ids JqTsYFZAAuSHVGofjmsg8g fjmsg8gJqTsYFZAAuSHVGo --emails 'email@domain.tld' 'email@domain.tld'

Recursively encrypt a folder, with clear files deleted, display a warning if file encryption has failed on some files:

bash
seald encrypt -i path/clearFiles/ -o path/encryptedFiles/ --emails-file path/recipients.txt --recursive --remove --on-error warn

Options

  • --input, -i, --file, --files, -f Path of the file to encrypt. [array] [required]
  • --output, -o File to write the encrypted file to. Defaults to current directory, with the same name as the clear file + .seald [string]
  • --recipients-ids, --uids IDs of the recipients to add. Can be of the form UID, or UID:sigchainHash to do a check of the sigchainHash. [array] [default: []]
  • --recipients-emails, --emails Emails of the recipients to add. Can be of the form user@domain.ext, or user@domain.ext:sigchainHash to do a check of the sigchainHash. For non seald users, if your team has the option activated, you can specify a phone number using the format user@domain.ext#+33612345678. [array] [default: []]
  • --recipients-emails-file, --emails-file Path of the file containing the recipients' emails. [string]
  • --force-self Do not ask for confirmation when you set no recipients other than yourself. [boolean]
  • --recursive, -r When given a directory, recursively encrypt all files inside [boolean]
  • --retries When working on multiple files and there is an error, try this number of times. [number] [default: 3]
  • --on-error When working on multiple files and there is an error, what is the behaviour. [string] [choices: "ignore", "warn", "fail"] [default: "fail"]
  • --parallel When working on multiple files, run this number of tasks at the same time. [number] [default: 10]
  • --remove, -R After encrypting a file, remove the clear one. When applied to a directory, also remove the directory. [boolean]
  • --remove-files After encrypting a file, remove the clear one. When applied to a directory, only remove the files inside. [boolean]
  • --on-same-file-name Behaviour when there is a conflict on the output file name [string] [choices: "overwrite", "error", "increment", "skip"] [default: "error"]
  • --auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean]
  • --progress Show progress bar. Enabled by default, use --no-progress to disable it. [boolean] [default: true]
  • --encrypt-for-self Whether or not to include the current user as recipient. [boolean] [default: true]

decrypt

The decrypt command allows you to decrypt one or more files.

Can only be used after account has been created, and has joined a team.

bash
seald decrypt --file <file_to_decrypt> [--output <output_directory>] [--offline-database <offline_database_path>] [--force] [--safe]

Alias

  • decrypt-file

Examples

Decrypt a file:

bash
seald decrypt -i path/example.pdf.seald -o path/example.pdf

Decrypt a file using a key backup file:

bash
seald decrypt -i path/example.pdf.seald -o path/example.pdf --offline-database path/backupFile.txt

Decrypt a folder recursively, displaying an alert if certain files cannot be decrypted:

bash
seald decrypt -i path/encryptedFiles/ -o path/clearFiles/ --on-error warn --on-non-seald warn

Options

  • --input, -i, --file, --files, -f Path of the file to decrypt. [array] [required]
  • --output, --output-dir, -o File to write the clear file to. Defaults to current directory. [string]
  • --offline-database, -d Offline backup of the database. [string]
  • --force, -f Decrypt anyway even if there is a warning, without confirmation. Only when decrypting single files. Always true when decrypting multiple files. [array]
  • --safe, -s Do not decrypt if there is a warning, without confirmation. [boolean]
  • --recursive, -r When given a directory, recursively decrypt all files inside. [boolean]
  • --retries When working on multiple files, and there is an error, try this number of times. [number] [default: 3]
  • --on-error When working on multiple files, and there is an error, what is the behaviour. [string] [choices: "ignore", "warn", "fail"] [default: "fail"]
  • --on-non-seald When working on multiple files, and we encounter a non-seald file, what is the behaviour. [string] [choices: "ignore", "warn", "fail"] [default: "warn"]
  • --parallel When working on multiple files, run this number of tasks at the same time. [number] [default: 10]
  • --remove, -R After decrypting a file, remove the encrypted one. When applied to a directory, also remove the directory. [boolean]
  • --remove-files After decrypting a file, remove the encrypted one. When applied to a directory, only remove the files inside. [boolean]
  • --progress Show progress bar. Enabled by default, use --no-progress to disable it. [boolean] [default: true]

add-recipients

The add-recipients command allows you to add recipients to an existing encrypted file.

Can only be used after account has been created, and has joined a team. If the strict mode is enabled, recipients without Seald are forbidden.

bash
seald add-recipients [input..]

Alias

  • authorize-recipients

Example

Add two users with Seald using their IDs, and two users without Seald using their email address.

bash
seald add-recipients -i path/example.pdf.seald --uids JqTsYFZAAuSHVGofjmsg8g, fjmsg8gJqTsYFZAAuSHVGo --emails 'email@domain.tld' 'email@domain.tld'

Options

  • --input, -f, --file, --files, -i Path of the encrypted file or files. [array] [required]
  • --recipients-ids, --uids IDs of the recipients to add. Can be of the form UID, or UID:sigchainHash to do a check of the sigchainHash. [array] [default: []]
  • --recipients-emails, --emails Emails of the recipients to add. Can be of the form user@domain.ext, or user@domain.ext:sigchainHash to do a check of the sigchainHash. For non seald users, if your team has the option activated, you can specify a phone number using the form user@domain.ext#+33612345678. To remove the phone number, use the format email#. [array] [default: []]
  • --recipients-emails-file, --emails-file Path of the file containing the recipients' emails. [string]
  • --recursive, -r When given a directory, recursively authorize all files inside. [boolean]
  • --retries When working on multiple files, and there is an error, try this number of times [number] [default: 3]
  • --on-error When working on multiple files, and there is an error, what is the behaviour [number] [default: 3]
  • --on-non-seald When working on multiple files, and we encounter a non-Seald file, what is the behaviour. [string] [choices: "ignore", "warn", "fail"] [default: "warn"]
  • --parallel When working on multiple files, run this number of tasks at the same time. [number] [default: 10]
  • --auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean]
  • --progress Show progress bar. Enabled by default, use --no-progress to disable it. [boolean] [default: true]

revoke

The revoke command allows you to revoke recipients to an existing encrypted file.

Can only be used after account has been created, and has joined a team.

bash
seald revoke --file <...files_path> [--revoke-emails <...emails_to_revoke>] [--revoke-emails-file <emails_list_to_revoke>] [--revoke-ids <...ids_to_revoke>]

Exemple

Revoke two users with seald using their uids, and two users without Seald using their email address:

bash
seald revoke -i path/example.pdf.seald --uids JqTsYFZAAuSHVGofjmsg8g, fjmsg8gJqTsYFZAAuSHVGo --emails 'email@domain.tld' 'email@domain.tld'

Options

  • --input, -f, --file, --files, -i Path of the encrypted file or files. [array] [required]
  • --revoke-all, --all Revoke all recipients. [boolean]
  • --revoke-others, --others Revoke everyone except this account. [boolean]
  • --revoke-emails, --emails Emails of the recipients to revoke. [array]
  • --revoke-emails-file, --emails-file File containing emails of the recipients to revoke. [string]
  • --revoke-ids, --uids IDs of the recipients to revoke. [array]
  • --recursive, -r When given a directory, recursively decrypt all files inside. [boolean]
  • --retries When working on multiple files and there is an error, try this number of times. [number] [default: 3]
  • --on-error When working on multiple files and there is an error, what is the behaviour. [string] [choices: "ignore", "warn", "fail"] [default: "fail"]
  • --on-non-seald When working on multiple files and we encounter a non-seald file, what is the behaviour. [string] [choices: "ignore", "warn", "fail"] [default: "warn"]
  • --parallel When working on multiple files, run this number of tasks at the same time. [number] [default: 10]
  • --auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean]
  • --progress Show progress bar. Enabled by default, use --no-progress to disable it. [boolean] [default: true]

get-file-info

The get-file-info command shows information about an encrypted file. This information is:

  • Recipients.
  • Revoked recipients.
  • Acknowledgement of reading.

Can only be used after account has been created.

bash
seald get-file-info --file <file_path>

Exemple

Show informations of a file:

bash
seald get-file-info --file path/example.pdf.seald

Options

  • --input, -f, --file, --files, -i Path of the encrypted file. [string] [required]

watch-encrypt

Watch a folder and encrypt all files written to it into another folder. The tree structure is preserved.

Can only be used after account has been created, and has joined a team. If the strict mode is enabled, recipients without Seald are forbidden.

bash
seald watch-encrypt --input <input_folder_path> --output <output_folder_path> [--remove] [--existing] [--recipients-ids <...recipients_ids>] [--recipients-emails <...recipients_emails>] [--recipients-emails-file <recipients_emails_file>]

Options

  • --input, -i Path of the folder to watch. [string] [required]
  • --output, -o Path of the folder to which to write the encrypted files. [string] [required]
  • --remove, -r Remove cleartext files once encrypted. [boolean]
  • --existing, -e Also encrypt already existing files. [boolean]
  • --retries When there is an error, try this number of times [number] [default: 3]
  • --on-error When there is an error with a file encryption or file removal that exceeded the number of retries, should the process skip this specific file and just print a warning, or should it fail. [string] [choices: "skip", "fail"] [default: "fail"]
  • --recipients-ids, --uids IDs of the recipients to add. Can be of the form UID, or UID:sigchainHash to do a check of the sigchainHash. [array] [default: []]
  • --recipients-emails, --emails Emails of the recipients to add. Can be of the form user@domain.ext, or user@domain.ext:sigchainHash to do a check of the sigchainHash. For non seald users, if your team has the option activated, you can specify a phone number using the format user@domain.ext#+33612345678. [array] [default: []]
  • --recipients-emails-file, --emails-file path of the file containing the recipients' emails. [string]
  • --ignore-files, --ignore List of anymatch glob patterns to ignore. Matches in a case-insensitive way against the file names, not full paths. Do not forget to escape special characters, to avoid them being interpreted by your shell. [array] [default: []]
  • --on-same-file-name Behaviour when there is a conflict on the output file name [string] [choices: "overwrite", "error", "increment", "skip"] [default: "error"]
  • --auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean]
  • --poll-interval Time to wait (in milliseconds) between checks of the file-system. [number] [default: 10000]
  • --stable-time Time to wait (in milliseconds) between checks of a single file to see if it is still being written or not. [number] [default: 500]
  • --method, -m, --watch-method Method to use to watch the input folder. Chokidar is the fastest and most CPU efficient, but in some cases other methods could be more reliable. [required] [choices: "chokidar", "chokidar-poll", "list", "checksum"] [default: "chokidar"]
  • --parallel When working on multiple files, run this number of tasks at the same time (only for chokidar). [number] [default: 10]
  • --encrypt-for-self Whether or not to include the current user as recipient. [boolean] [default: true]

Example

bash
seald watch-encrypt -i input/path/ -o output/path/ -r -e --uids 'JqTsYFZAAuSHVGofjmsg8g' --on-same-file-name=increment

create-backup-key

Create a backup key.

Can only be used after account has been created, and has joined a team.

bash
seald create-backup-key [--device-name <device_name>] [--output <output_file>]

Options

  • --output, -o File to which to output the created key. [string] [default: "./seald-cli-backup.seald_key"]
  • --device-name, -n Name of the backup device. [string] [default: null]
  • --key-password, -p Password to encrypt the key export. Empty string to export an unprotected key. If not specified, the CLI will ask for it later. [string]

Example

bash
seald create-backup-key -o path/my-backup-key.seald_key -n my-backup-key

load-backup-key

Load a backup key.

Can only be used when no account has been created.

bash
seald load-backup-key --key <key_file> [--offline]

Options

  • --key, -k File from which to load the backup key. [string] [required]
  • --offline Do not try loading account data online after loading the key. [boolean]
  • --disable-db-password Disable getting asked for a password on DB creation. This option is not available for the desktop application. [boolean] [default: false]
  • --key-password, -p Password used to encrypt the exported key. If not specified, the CLI will ask for it later. [string]

Example

bash
seald load-backup-key --key path/my-backup-key.seald_key --offline

get-user-info

The get-user-info command shows information about a user. This information is:

  • User's display name.
  • User's id.
  • Hash of its last sigchain block.
  • Validity of its sigchain.
  • User's known emails addresses.

If no arguments are provided, the command returns the information of the account used.

Can only be used after account has been created, and has joined a team.

bash
seald get-user-info [--email email] [--id user-id]

Options

  • --email, -e Email of the user about whom you want information. [string]
  • --id, -id ID of the user about whom you want information. [string]

Exemple

Show informations of a user:

bash
seald get-user-info --id G4ChkDGZR0eugk7z1TDwBA
seald get-user-info --email accountEmail-1@seald.io

Output expected:
User informations:
Display name: accountName
User id: G4ChkDGZR0eugk7z1TDwBA
Sigchain hash: ab5c744bff8e537fca62cdb2ef9c966cfda93c579b4113933e04dd245f9f7d4c
Sigchain is valid: true
Known email addresses:
  - accountEmail-1@seald.io
  - accountEmail-2@seald.io

add-sigchain-transaction

The add-sigchain-transaction allow to manualy add a transaction to recover your sigchain from a bad state.

WARNING

You should not use this by yourself, always ask the Seald support.

Can only be used after account has been created, and has joined a team.

bash
seald add-sigchain-transaction [--type email] [--device-id device-id] [--created-at] [--expire-after] [--encryption-key-hash] [--encryption-key-b64] [--signing-key-hash] [--signing-key-b64] [--signer-key-hash] [--signer-key-b64] [--verify-sigchain]

Options

  • --type, -t Type of the sigchain operation [string] [required] [choices: "creation", "revocation", "renewal"]
  • --device-id, -d DeviceID of the sigchain operation [string] [required]
  • --created-at, -c Timestamp of the transaction as standard UNIX timestamp. Defaults to now. [number]
  • --expire-after, -a For key creations & renewals, duration in seconds during which they remain valid. Defaults to 3 years. [number]
  • --encryption-key-hash, -e Hash of the operationEncryptionKey. It must be the current encryptionKey of one of the user's devices. Otherwise, use the encryption-key argument. [string]
  • --encryption-key-b64 Full operationEncryptionKey to use, in Base64 format. [string]
  • --signing-key-hash, -s Hash of the operationSigningKey. It must be the current signingKey of one of the user's devices. Otherwise, use the signing-key argument. [string]
  • --signing-key-b64 Full operationSigningKey to use, in Base64 format. [string]
  • --signer-key-hash, -S Hash of the signingKey with which to sign the operation. It must be this device's signingKey, or one of its old signing keys. Otherwise, use the signer-key argument. Defaults to the device's current signing key. [string]
  • --signer-key-b64 Full signingKey with which to sign the operation to use, in Base64 format. [string]
  • --verify-sigchain When adding the transaction, whether the server should verify that this transaction makes the sigchain valid, or not. [boolean] [default: true]

change-db-password

The change-db-password command can be used to set, change, or delete the database password.

This command is not available for the desktop application.

If a password is set, all the subsequent commands will need this password to be repeated.

TIP

You can provide the database password in the SEALD_DB_PASSWORD environment variable to avoid getting prompted on each start.

Can only be used after database has been created.

bash
seald change-db-password

request-recovery

The request-recovery command can be used to create an account recovery request.

Can only be used when no account has been created.

bash
seald request-recovery [email] [user-id] [device-name]

Options

  • --email, -e Email of the account to recover [string] [required]
  • --user-id Id of the account to recover [string]
  • --device-name Name of the current device [string]
  • --skip-validation Do not interactively await the validation code send by mail. You can validate it later using the validate-recovery command. [boolean] [default: false]

validate-recovery

The validate-recovery command can be used to validate an account recovery request

Can only be used when a recovery request has been created.

bash
seald validate-recovery [challenge]

Options

  • --challenge, -c Challenge sent by mail. Must be in the form 0000-0000 [string] [required]

verify-recovery

Instantiate a recovered account

Can only be used when a recovery request has been created, validated, and accepted by a team administrator.

bash
seald verify-recovery

cancel-recovery-request

Delete the existing recovery request

Can only be used when a recovery request has been created.

bash
seald cancel-recovery-request

set-device-name

Set the name of the current device

Can only be used after account has been created.

seald set-device-name [device-name]

Options

  • --device-name, -n Name of this device (36 chars max) [string] [required]

create-group

Create a group.

Can only be used after account has been created.

seald create-group [group-name] [members-emails] [admins-emails]

Options

  • --group-name, -n Name of the group [string] [required]
  • --members-emails, --emails Emails of the group members. It must include yourself. [array]
  • --members-ids, --uids IDs of the group members. It must include yourself. [array]
  • --members-emails-file, --emails-file File containing emails of the group members. [string]
  • --admins-emails Emails of the group administrators. Administrators must also be members. It must include yourself. [array]
  • --admins-ids IDs of the group administrators. Administrators must also be members. It must include yourself. [array]
  • --auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean] [default: null]

renew-group-key

Renew group key.

Can only be used after account has been created.

seald renew-group-key [group-id]

Options

  • --group-id, --gid ID of the group [string] [required]

add-group-members

Add members to a group.

Can only be used after account has been created.

seald add-group-members [group-id] [new-members-emails]

Options

  • --group-id, --gid ID of the group [string] [required]
  • --new-members-emails, --emails Emails of the group members to add. [array]
  • --new-members-ids, --uids IDs of the group members to add. [array]
  • --new-members-emails-file, --emails-file File containing emails of the group members to add. [string]
  • --auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean] [default: null]

remove-group-members

Remove members from a group.
After removing a user, you should renew group keys.

Can only be used after account has been created.

seald remove-group-members [group-id] [members-to-remove-emails]

Options

  • --group-id, --gid ID of the group [string] [required]
  • --members-to-remove-emails, --emails Emails of the group members to remove. [array]
  • --members-to-remove-ids, --uids IDs of the group members to remove. [array]
  • --members-to-remove-emails-file, --emails-file File containing emails of the group members to remove. [string]
  • --auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean] [default: null]

set-group-admin

Set admin status of a group member. Can only be done by group admin.

Can only be used after account has been created.

seald set-group-admin [group-id] [member-email] [--new-status]

Options

  • --group-id, --gid ID of the group [string] [required]
  • --member-email, --email Email of the group member to set admin status. [string]
  • --member-id, --uid ID of the group member to set admin status. [string]
  • --new-status, -s Status to set [boolean] [required]
  • --auto-accept-contacts Whether or not to ask confirmation for new contacts. Defaults to demanding confirmation in strict mode, and not demanding it in non-strict mode. [boolean] [default: null]

list-groups

List teams groups.

Can only be used after account has been created.

seald list-groups

Options

  • --page, -p groups are listed by pages of 10 [number]
  • --mine, -m Shows only the groups of which the user is a member [boolean]
  • --all, -a List all group pages at once [boolean]

list-group-members

List all members of a group.

Can only be used after account has been created.

seald list-group-members [group-id]

Options

  • --group-id, --gid ID of the group [string] [required]

validate-email

Validate an email connector already added to the account

Can only be used after account has been created.

seald validate-email [email] [code]

Options

  • --email, -e Email address to validate. You must specify either email or email-connector-id. [string]
  • --email-connector-id, --id ID of the email connector to validate. You must specify either email or email-connector-id. [string]
  • --validation-code, --code Validation code sent to the email address. [string] [required]

use-jwt

Use a JSON Web Token to join a team, or to add a connector to the current user.

Can only be used after account has been created.

seald use-jwt

Options

  • --jwt JWT to use [string] [required]
  • --accept-backup-keys Automatically accept all team backup keys (only if the JWT adds you to a team) [boolean]

Global options

Help

To show the help, use the argument --help.

To show the version number, use the argument--version.

Log and debugging options

Three log levels are available by adding one of the following arguments:

  • --verbose, -v Show logs. [default]
  • --silly Show a lot of logs.
  • --silent Show as little logs as possible.

Proxy

If Seald-CLI is running on a computer that has to connect through a proxy to access the internet, you can specify the URL of the proxy with the argument --proxy <url>.

Advanced options

These options are not available for the desktop application.

  • --seald-dir Path of the seald-cli directory. [string] [default: "$HOME/.seald-cli"]
  • --key-size Size of the private keys to generate, in bites. [number] [choices: 1024, 2048, 4096] [default: 4096]
  • --strict-mode Enable strict mode. You will lose some features, but it will be more secure. [boolean] [default: false]
  • --disable-error-reports Disable reporting of errors to Seald. [boolean] [default: false]
  • --issuer-fingerprint Fingerprint of the certificate of the issuer of the API server's certificate. Multiple certificates can be comma-separated. [string] [default: "67:AD:D1:16:6B:02:0A:E6:1B:8F:5F:C9:68:13:C0:4C:2A:A5:89:96:07:96:86:55:72:A3:C7:E7:37:61:3D:FD,73:0C:1B:DC:D8:5F:57:CE:5D:C0:BB:A7:33:E5:F1:BA:5A:92:5B:2A:77:1D:64:0A:26:F7:A4:54:22:4D:AD:3B,46:49:4E:30:37:90:59:DF:18:BE:52:12:43:05:E6:06:FC:59:07:0E:5B:21:07:6C:E1:13:95:4B:60:51:7C:DA,1A:07:52:9A:8B:3F:01:D2:31:DF:AD:2A:BD:F7:18:99:20:0B:B6:5C:D7:E0:3C:59:FA:82:27:25:33:35:5B:74,5A:8F:16:FD:A4:48:D7:83:48:1C:CA:57:A2:42:8D:17:4D:AD:8C:60:94:3C:EB:28:F6:61:AE:31:FD:39:A5:FA,BA:CD:E0:46:30:53:CE:1D:62:F8:BE:74:37:0B:BA:E7:9D:4F:CA:F1:9F:C0:76:43:AE:F1:95:E6:A5:9B:D5:78,73:1D:3D:9C:FA:A0:61:48:7A:1D:71:44:5A:42:F6:7D:F0:AF:CA:2A:6C:2D:2F:98:FF:7B:3C:E1:12:B1:F5:68,25:84:7D:66:8E:B4:F0:4F:DD:40:B1:2B:6B:07:40:C5:67:DA:7D:02:43:08:EB:6C:2C:96:FE:41:D9:DE:21:8D"]
  • --decrypt-url URL of the Seald decrypt server. [string] [default: "https://decrypt.seald.io/"]
  • --api-url URL of the Seald API server. [string] [default: "https://api.seald.io/"]