Documentation Index
Fetch the complete documentation index at: https://docs.krypthq.com/llms.txt
Use this file to discover all available pages before exploring further.
Full reference for the Krypt CLI (@kryptorg/cli v2.1.1). If you’re new to Krypt, start with the Quickstart.
krypt login
Authenticates the CLI with your Krypt account using an API key.
Usage
krypt login --key <api-key>
Options
| Flag | Description | Default |
|---|
--key | Your API key (starts with krypt_live_) | — |
Examples
krypt login --key krypt_live_abc123def456
KRYPT_API_URL=https://custom.krypthq.com krypt login --key krypt_live_abc123def456
Your API key is stored in ~/.krypt/config.json with 0600 permissions. Generate keys at krypthq.com/dashboard/api-keys. Keys are shown only once — store them somewhere safe.
krypt logout
Removes your stored credentials by clearing ~/.krypt/config.json.
Usage
Examples
✓ Logged out and config cleared
krypt whoami
Displays the currently authenticated user and their associated projects.
Usage
Examples
Account
User ID: user_3D5IGYf50BLotX62fK5NjFHU7sR
(Email unavailable — API keys don't carry identity by default)
API Key: krypt_live_abc12...
Projects (2)
my-app updated 5/5/2026, 14:30:00
billing updated 5/4/2026, 10:15:00
When authenticated via API key, email is unavailable because keys don’t carry user identity. Use the dashboard to see your full account details.
krypt list
Lists all projects in your Krypt account.
Usage
ls is an alias:
Examples
Projects (3):
my-app updated 5/5/2026, 14:30:00
billing updated 5/4/2026, 10:15:00
infra updated 5/3/2026, 09:00:00
krypt init
Links the current directory to a Krypt project. Creates a .krypt config file in the directory.
Usage
krypt init <projectName> [options]
Options
| Flag | Description | Default |
|---|
--env | Environment to use for this directory | development |
Examples
krypt init my-app --env staging
✓ Linked to "my-app" (staging)
Created .krypt
Add .krypt to your .gitignore — it contains your project binding but should not be shared across clones.
krypt push
Uploads your local .env file to Krypt. Secrets are encrypted before leaving your machine.
Usage
Options
| Flag | Description | Default |
|---|
--env | Target environment to push to | Environment set by krypt init |
Examples
krypt push --env production
✓ Pushed 5 secret(s) to "my-app" (production)
Pushing overwrites all secrets in the target environment. There is no merge — the remote state becomes an exact copy of your local .env.
krypt pull
Downloads secrets from Krypt and writes them to .env in the current directory.
Usage
Options
| Flag | Description | Default |
|---|
--env | Environment to pull from | Environment set by krypt init |
Examples
✓ Pulled 5 secret(s) from "my-app" (staging)
Written to .env
If a .env file already exists, it is overwritten. Back up local changes before pulling if needed.
krypt run
Executes a command with your project’s secrets injected as environment variables. No .env file is written to disk.
Usage
krypt run [options] -- <command>
Options
| Flag | Description | Default |
|---|
--env | Environment to load secrets from | Environment set by krypt init |
Examples
krypt run -- node server.js
krypt run --env production -- npm start
krypt run -- printenv DATABASE_URL
Your shell expands $VAR before Krypt sees it. If your command includes literal dollar signs, wrap it in single quotes:krypt run -- sh -c 'echo $DATABASE_URL'
krypt diff
Compares secrets between two environments of the same project. Displays a colour-coded side-by-side table showing matching, mismatched, and missing keys.
Usage
krypt diff <projectName> --envA <environment> --envB <environment>
Options
| Flag | Description | Default |
|---|
--envA | First environment to compare | — (required) |
--envB | Second environment to compare | — (required) |
Examples
krypt diff my-app --envA development --envB production
my-app development ↔ production
──────────────────────────────────────────────────────────────────────────
KEY DEVELOPMENT PRODUCTION
──────────────────────────────────────────────────────────────────────────
DATABASE_URL postgres://localhost:5432/mydb postgres://prod.db.example.com/mydb
API_TOKEN dev-token-abc prod-token-xyz
DEBUG_MODE true (missing)
STRIPE_KEY (missing) sk_live_xxx
──────────────────────────────────────────────────────────────────────────
0 matching 2 mismatched 2 missing
The diff output reveals plaintext secret values in your terminal. Run this in a private session and avoid piping output to shared logs.
krypt share
Invites a teammate to a project by email.
Usage
krypt share <projectName> <email> [options]
Options
| Flag | Description | Default |
|---|
--role | Permission level: admin, member, or viewer | member |
Examples
krypt share my-app bob@company.com
krypt share my-app alice@company.com --role admin
✓ Invited alice@company.com to "my-app" as admin
Inviting team members requires a Pro plan. The invited user receives an email and must accept before they can access project secrets. See Roles and permissions for what each role can do.
Configuration
The CLI stores its configuration at ~/.krypt/config.json with 0600 permissions (readable only by your user).
To point the CLI at a custom API endpoint, set the KRYPT_API_URL environment variable:
export KRYPT_API_URL=https://custom.krypthq.com
Exit codes
| Code | Meaning |
|---|
0 | Command completed successfully |
1 | Error — authentication failed, project not found, network issue, or invalid input |
Help
Every command supports --help for inline usage information:
