Commands

Complete reference for all Nokvault commands and their options.

`encrypt <path>`

Encrypt a file or directory using AES-256-GCM encryption. Supports both files and recursive directory encryption.

Options

--output, -o: Specify output file path (default: <path>.nokvault)
--keyfile, -k: Path to keyfile for encryption
--password, -p: Encryption password (not recommended)
--no-prompt: Don't prompt for password
--compress: Compress before encryption
--exclude: Exclude patterns (can be used multiple times)
--dry-run: Show what would be encrypted without actually encrypting
--verbose, -v: Verbose output

Examples

# Encrypt a file
nokvault encrypt document.txt

# Encrypt with compression
nokvault encrypt large-file.bin --compress

# Encrypt directory excluding temp files
nokvault encrypt ./documents --exclude "*.tmp" --exclude "*.log"

# Use keyfile
nokvault encrypt file.txt --keyfile ~/.keys/master.key

`decrypt <path>`

Decrypt a nokvault encrypted file or directory. Automatically detects encrypted files and restores original structure.

Options

--output, -o: Specify output file path
--keyfile, -k: Path to keyfile for decryption
--password, -p: Decryption password
--no-prompt: Don't prompt for password
--dry-run: Show what would be decrypted
--verbose, -v: Verbose output

Examples

# Decrypt a file
nokvault decrypt document.txt.nokvault

# Decrypt with keyfile
nokvault decrypt file.nokvault --keyfile ~/.keys/master.key

# Decrypt directory
nokvault decrypt ./encrypted-documents

`watch <path>`

Watch a directory for file changes and optionally auto-encrypt files when they're created or modified.

Options

--auto-encrypt: Automatically encrypt files on change
--keyfile, -k: Path to keyfile
--delay: Delay before processing changes (default: 1s)
--exclude: Exclude patterns
--recursive: Watch subdirectories recursively
--verbose, -v: Verbose output

Examples

# Watch directory with auto-encryption
nokvault watch ./documents --auto-encrypt --keyfile ~/.keys/master.key

# Watch with delay and exclusions
nokvault watch ./sensitive --auto-encrypt \
  --keyfile ~/.keys/master.key \
  --delay 5s \
  --exclude "*.tmp"

`schedule encrypt <path>`

Schedule periodic encryption operations. Useful for automated backups and regular encryption tasks.

Options

--interval: Time interval between operations (e.g., 1h, 30m, 1d)
--keyfile, -k: Path to keyfile
--compress: Compress before encryption
--verbose, -v: Verbose output

Examples

# Encrypt every hour
nokvault schedule encrypt ./backups --interval 1h --keyfile ~/.keys/backup.key

# Encrypt daily
nokvault schedule encrypt ./documents --interval 24h

`rotate-key <path>`

Rotate the encryption key for an encrypted file without re-encrypting the data. This is more efficient than decrypting and re-encrypting.

Options

--old-keyfile: Path to old keyfile
--new-keyfile: Path to new keyfile
--verbose, -v: Verbose output

Examples

# Rotate key for a file
nokvault rotate-key file.nokvault

# Rotate with specific keyfiles
nokvault rotate-key file.nokvault \
  --old-keyfile ~/.keys/old.key \
  --new-keyfile ~/.keys/new.key

`secure-delete <path>`

Securely delete a file by overwriting it multiple times before deletion. Makes data recovery extremely difficult.

Options

--passes: Number of overwrite passes (default: 3)
--verbose, -v: Verbose output

Examples

# Secure delete with default passes
nokvault secure-delete sensitive-file.txt

# Secure delete with custom passes
nokvault secure-delete sensitive-file.txt --passes 7

`config`

Manage configuration settings. View, set, or initialize configuration files.

Subcommands

--init: Initialize default configuration
--show: Show current configuration
--get <key>: Get a specific configuration value
--set <key>=<value>: Set a configuration value

Examples

# Initialize configuration
nokvault config --init

# View current configuration
nokvault config --show

# Get specific value
nokvault config --get compression

# Set a value
nokvault config --set compression=true