Basic Usage

Learn the fundamentals of using Nokvault to encrypt and decrypt your files.

Encrypting a File

The simplest way to encrypt a file is to use the encrypt command: 

nokvault encrypt document.txt

This will create document.txt.nokvault and prompt you for a password. The original file remains unchanged unless you use the --delete-original flag.

Decrypting a File

To decrypt a file, use the decrypt command: 

nokvault decrypt document.txt.nokvault

Nokvault will automatically detect the original filename and restore it. You'll be prompted for the password used during encryption.

Using Keyfiles

Keyfiles are more secure than passwords and don't require typing. Create a keyfile and use it for encryption: 

# Generate a random keyfile (using openssl or similar)
openssl rand -out ~/.keys/master.key 32

# Encrypt with keyfile
nokvault encrypt document.txt --keyfile ~/.keys/master.key

# Decrypt with keyfile
nokvault decrypt document.txt.nokvault --keyfile ~/.keys/master.key

Important: Keep your keyfiles secure and backed up. Without the keyfile, encrypted data cannot be recovered.

Using Environment Variables

For automation and scripts, you can use environment variables instead of interactive prompts: 

# Set password as environment variable
export NOKVAULT_PASSWORD="your-secure-password"

# Encrypt without prompt
nokvault encrypt document.txt --no-prompt

# Unset after use
unset NOKVAULT_PASSWORD

Encrypting Directories

Nokvault can encrypt entire directories recursively: 

# Encrypt a directory
nokvault encrypt ./documents

# The directory structure is preserved
# Each file is encrypted individually

When encrypting directories, each file is encrypted separately, allowing you to decrypt individual files if needed.

Specifying Output Location

By default, encrypted files are created in the same location with a .nokvault extension. You can specify a custom output: 

# Encrypt to specific location
nokvault encrypt document.txt --output ./encrypted/secure.nokvault

# Decrypt to specific location
nokvault decrypt document.nokvault --output ./decrypted/restored.txt

Dry Run

Before encrypting, you can preview what would happen with the --dry-run flag: 

# See what would be encrypted
nokvault encrypt ./documents --dry-run

# This shows which files would be processed without actually encrypting