CLI Reference

krypt [command] [options]

Options:
  --server URL      Server address (default: http://127.0.0.1:8200)
  --token TOKEN     Auth token (or KRYPT_TOKEN env var)
  --format FORMAT   Output: table | json | yaml
  --help            Show help

krypt server [options]

Options:
  --listen ADDR     Bind address (default: 127.0.0.1:8200)
  --config FILE     Config file path
  --tls-cert FILE   TLS certificate
  --tls-key FILE    TLS private key

krypt login ENGINE

krypt logout

# Create token
krypt token create [options]
  --role ROLE       Assign role
  --ttl DURATION    Lifetime (e.g., 8h, 7d)
  --description     Human-readable description

# Revoke token  
krypt token revoke TOKEN_ID

# List tokens
krypt token list

# Create engine
krypt engine create NAME [options]
  --password PASS     Master password
  --description DESC  Description

# List engines
krypt engine list

# Delete engine
krypt engine delete NAME [--force]

krypt put ENGINE PATH KEY=VALUE [KEY=VALUE...]

# Examples
krypt put prod db/postgres host=localhost port=5432
krypt put prod api/key token=abc123

krypt get ENGINE PATH [options]
  --field FIELD     Return single field
  --format json     Output as JSON

# Examples
krypt get prod db/postgres
krypt get prod db/postgres --field password
krypt get prod db/postgres --format json

krypt list ENGINE [options]
  --namespace NS    Filter by prefix

# Examples
krypt list prod
krypt list prod --namespace db/

krypt delete ENGINE PATH [--force]

# Write policy
krypt policy write NAME FILE

# List policies
krypt policy list

# Create role
krypt role create NAME --policies POLICY1,POLICY2

# List roles
krypt role list

# View status
krypt cluster status

# Join cluster
krypt cluster join LEADER_ADDR

# Leave cluster
krypt cluster leave

krypt audit list [options]
  --since DURATION  Filter by time (e.g., 24h, 7d)
  --action ACTION   Filter by action type
  --actor TOKEN_ID  Filter by actor
  --format json     JSON output