Table of Contents

Introduction to Vaulty v1.2.3

Vaulty is a secure, lightweight password manager that operates entirely from your command line. Built with developers, system administrators, and security-conscious power users in mind, Vaulty combines military-grade encryption with the efficiency and scriptability of a CLI interface.

Unlike traditional password managers with bloated GUIs, Vaulty focuses on speed, security, and seamless integration with your existing terminal workflows. Whether you're storing website credentials, API keys, SSH keys, databases passwords, or secure notes, Vaulty provides a streamlined experience without sacrificing security.

Why Vaulty?

Vaulty brings together the best of both worlds: enterprise-grade security with the simplicity and power of command-line tools. Perfect for developers who live in the terminal and need quick, scriptable access to their credentials. Its lightweight footprint and lightning-fast operation make it ideal for both local development and server environments.

Zero-Knowledge Architecture

Your data is encrypted/decrypted locally; the server never sees plaintext data

Intuitive CLI Interface

Simple commands make password management fast and efficient

Military-Grade Encryption

AES-256-GCM encryption with Argon2 key derivation

Cross-Platform

Works identically on macOS, Linux, and Windows

Secure Synchronization

End-to-end encrypted sync across multiple devices

Scriptable

Easily integrate with shell scripts and automation workflows

Philosophy

Vaulty was created with several core principles in mind:

  • Security First - Security is never compromised for convenience. Your secrets remain yours alone.
  • Terminal-Centric - Built by CLI lovers, for CLI lovers. No unnecessary GUI elements to slow you down.
  • Minimalist Design - Do one thing and do it well. Manage secrets securely without feature bloat.
  • Open Architecture - Transparent encryption, open-source code, and extensible design.
  • Developer-Focused - Optimized for programming workflows, automation, and DevOps integration.

Installation

Prerequisites

Vaulty requires a relatively modern operating system:

  • macOS 10.15+
  • Windows 10+
  • Linux (with glibc 2.28+)

System requirements are minimal:

  • 10MB of disk space
  • 256MB of RAM
  • Basic terminal emulator

Install on macOS

The recommended installation method is via Homebrew:

brew install vaulty

Or you can download the binary directly:

curl -fsSL https://get.vaulty.reqnode.com | sh

For macOS with Apple Silicon (M1/M2/M3):

curl -fsSL https://get.vaulty.reqnode.com | ARCH=arm64 sh

Install on Linux

For most Linux distributions, use our install script:

curl -fsSL https://get.vaulty.reqnode.com | sh

For Debian/Ubuntu, you can use apt:

sudo apt-get update && sudo apt-get install vaulty

For Arch Linux:

yay -S vaulty

For RHEL/CentOS/Fedora:

sudo dnf install vaulty

Install on Windows

Install using PowerShell:

iwr -useb https://get.vaulty.reqnode.com/install.ps1 | iex

Or via Chocolatey:

choco install vaulty

Or via Scoop:

scoop install vaulty

Verify Installation

After installing, verify that Vaulty is working correctly:

vaulty --version
Vaulty v1.2.3

You can also verify the integrity of the installation:

vaulty doctor
✅ Vaulty installation: OK ✅ Dependencies: All present ✅ Configuration directory: Properly initialized ✅ Permissions: Correct ✅ Network connectivity: OK

Quickstart Guide

Initialize Vaulty

After installing Vaulty, you need to initialize it by creating a new vault:

vaulty init

You'll be prompted to create a master password. Choose a strong, memorable password that you won't forget.

Important

Your master password is the key to all your secrets. If you lose it, there's no way to recover your data. Make sure it's strong but memorable!

Example initialization process:

vaulty init
Welcome to Vaulty! Creating a new vault... Please enter a master password: ******** Confirm master password: ******** 🔐 Master password set! Remember this password - it cannot be recovered if lost. Creating vault... Initializing configuration... Setting up secure environment... ✅ Vault created successfully! Your vault is ready to use. Start by adding your first secret: vaulty add github

Adding Your First Secret

Let's add your first password to the vault:

vaulty add github

You'll be prompted to enter your GitHub username and password. Vaulty will securely store this information in your encrypted vault.

vaulty add github
Adding new password entry: github Username: janedoe Password: *********** URL [optional]: https://github.com Notes [optional]: My primary GitHub account Would you like to add tags? [y/N]: y Tags (comma-separated): work,dev,git Added 'github' to vault. Entry ID: 01F3GH5T67J8K9L0MN1O2P3Q4R

You can also generate a strong password while adding a new entry:

vaulty add gitlab --generate
Adding new password entry: gitlab Username: janedoe Generated password: W4!zP9&kL2@cS5$vB8*jR3 (copied to clipboard) URL [optional]: https://gitlab.com Notes [optional]: Work GitLab account Would you like to add tags? [y/N]: y Tags (comma-separated): work,git Added 'gitlab' to vault. Entry ID: 02G4HI6U78J9K0L1MN2O3P4Q5

Retrieving a Secret

To retrieve a stored secret:

vaulty get github

This will display the username and password for your GitHub account:

vaulty get github
Entry: github (password) Created: 2023-04-15 09:22:33 Last modified: 2023-04-15 09:22:33 Tags: work, dev, git Username: janedoe Password: *********** URL: https://github.com Notes: My primary GitHub account

If you only need a specific field, like the password:

vaulty get github --field password
Password: ***********

Or to copy the password directly to your clipboard:

vaulty get github --field password --copy
Password copied to clipboard. Will be cleared in 30 seconds.

Listing All Secrets

To see all stored secrets in your vault:

vaulty list
+------------+------------+------------------+---------------------+-------------+ | NAME | TYPE | TAGS | LAST MODIFIED | ID | +------------+------------+------------------+---------------------+-------------+ | github | password | work, dev, git | 2023-04-15 09:22:33 | 01F3GH5T... | | gitlab | password | work, git | 2023-04-15 09:25:47 | 02G4HI6U... | | aws-dev | password | work, cloud | 2023-04-15 09:30:12 | 03H5IJ7V... | | ssh-key | note | work, server | 2023-04-15 09:35:26 | 04I6JK8W... | | wifi-home | password | personal | 2023-04-15 09:40:33 | 05J7KL9X... | +------------+------------+------------------+---------------------+-------------+ 5 items

Filter by tags or type:

vaulty list --tag work
+------------+------------+------------------+---------------------+-------------+ | NAME | TYPE | TAGS | LAST MODIFIED | ID | +------------+------------+------------------+---------------------+-------------+ | github | password | work, dev, git | 2023-04-15 09:22:33 | 01F3GH5T... | | gitlab | password | work, git | 2023-04-15 09:25:47 | 02G4HI6U... | | aws-dev | password | work, cloud | 2023-04-15 09:30:12 | 03H5IJ7V... | | ssh-key | note | work, server | 2023-04-15 09:35:26 | 04I6JK8W... | +------------+------------+------------------+---------------------+-------------+ 4 items

Command Reference

Tip

You can always access the built-in help with vaulty --help or get detailed information about a specific command with vaulty [command] --help.

vaulty init
Initialize a new vault with encryption key derived from your master password.
Example:
vaulty init
--force, -f
Force re-initialization (warning: this will delete existing vault)
--config PATH
Set custom configuration directory
vaulty add <name>
Add a new secret to the vault.
Example:
vaulty add netflix
--generate, -g
Generate a secure password
--length LEN
Length of generated password (default: 20)
--type TYPE
Type of secret (password, note, card) (default: password)
--tag, -t TAG
Add tags to the entry (can be specified multiple times)
vaulty get <name>
Retrieve and display a secret from the vault.
Example:
vaulty get github
--field, -f FIELD
Only display the specified field (username, password, url, notes)
--copy, -c
Copy the password or specified field to clipboard
--json
Output in JSON format
vaulty list
List all secrets in the vault.
Example:
vaulty list
--tag, -t TAG
Filter by tag
--type TYPE
Filter by type (password, note, card)
--json
Output in JSON format
vaulty edit <name>
Edit an existing secret.
Example:
vaulty edit github
--field, -f FIELD
Only edit the specified field
--generate, -g
Generate a new password
vaulty remove <name>
Remove a secret from the vault.
Example:
vaulty remove old-account
--force, -f
Skip confirmation prompt
vaulty generate
Generate a secure password without storing it.
Example:
vaulty generate --length 16
--length, -l LEN
Password length (default: 20)
--no-symbols
Exclude symbols from generated password
--copy, -c
Copy the generated password to clipboard
vaulty sync
Synchronize vault with remote server.
Example:
vaulty sync
--force, -f
Force sync (override merge conflicts)

Vault Management

Backing Up Your Vault

It's crucial to regularly back up your vault. Even though Vaulty encrypts all your data, having a backup provides additional protection against data loss.

To create a backup of your vault:

vaulty backup ~/vaulty-backup-$(date +%Y%m%d).enc
Enter master password: ******** Creating encrypted backup... Backup created successfully: /home/user/vaulty-backup-20230415.enc

To restore from a backup:

vaulty restore ~/vaulty-backup-20230415.enc
Enter master password for backup: ******** Restoring from backup... Vault restored successfully from backup!
Important

Restoring from a backup will overwrite your current vault. Make sure you're certain before proceeding.

Changing Your Master Password

It's a good security practice to periodically change your master password:

vaulty change-master
Enter current master password: ******** Enter new master password: ******** Confirm new master password: ******** Recalculating encryption keys... Re-encrypting vault contents... ✅ Master password changed successfully!

Synchronizing Across Devices

Vaulty supports secure synchronization of your vault across multiple devices through its built-in sync capability:

vaulty sync
Authenticating with sync server... Checking for changes... Downloading latest vault state... Merging changes... Uploading local changes... ✅ Sync completed successfully. 7 items synced.

To set up sync on a new device, you'll need to initialize a new vault and then link it to your existing vault:

vaulty init vaulty sync --link
Please enter your Vaulty Account credentials: Email: [email protected] Password: ******** Retrieving account information... Downloading vault metadata... Merging with local vault... ✅ Sync completed successfully. Your vault is now linked to your account.

Importing from Other Password Managers

Vaulty supports importing from several popular password managers:

vaulty import lastpass export.csv
Importing from LastPass export... Found 53 entries. Importing... ✅ Import completed! 53 entries added to your vault.

Supported import formats:

  • LastPass (CSV)
  • 1Password (1PIF or CSV)
  • Bitwarden (JSON)
  • KeePass (XML)
  • Dashlane (CSV)
  • Generic CSV (requires column mapping)

Security Model

Encryption Architecture

Vaulty uses a modern, zero-knowledge encryption architecture to ensure your data remains secure:

  • AES-256-GCM - Industry-standard symmetric encryption with authenticated encryption
  • Argon2id - State-of-the-art key derivation function for password stretching
  • Zero-knowledge design - Your master password and decryption keys never leave your device
  • HMAC verification - Tamper-proof data integrity validation
  • Secure remote synchronization - Only encrypted data is transferred over the network

Each secret in your vault is individually encrypted with its own encryption key, which is derived from your master password using a key derivation function designed to be computationally expensive for attackers.

Local Security

Vaulty implements several additional security measures to protect your data locally:

  • Memory protection - Sensitive data is cleared from memory after use
  • Auto-lock - Vault automatically locks after a period of inactivity
  • Secure clipboard handling - Automatic clipboard clearing after passwords are copied
  • No cache or temporary files - Decrypted data is never written to disk

Zero-Knowledge Synchronization

When synchronizing your vault across devices, Vaulty ensures that:

  • Only encrypted data is transmitted to the server
  • The server never has access to your master password or encryption keys
  • All communication with the server is encrypted using TLS
  • Metadata is minimized to reduce information exposure

This approach ensures that even if the sync server were compromised, your secrets would remain secure.

Open Source

Vaulty's security model is strengthened by its open source nature:

  • The entire codebase is available for public review
  • Security researchers can verify the implementation
  • Cryptographic implementations use audited, widely-reviewed libraries
  • Regular security audits are performed by third-party experts

You can review the source code at: https://github.com/vaulty/vaulty

Troubleshooting

Common Issues

Cannot unlock vault: "Invalid master password"

This typically occurs when the master password is entered incorrectly. Remember that passwords are case-sensitive.

  • Ensure Caps Lock is not enabled
  • Try alternative keyboard layouts if you're using special characters
  • If you've recently changed your master password, make sure you're using the current one
  • As a last resort, restore from your most recent backup
Sync fails with "Network error"

Synchronization issues are typically related to network connectivity or authentication problems:

  • Check your internet connection
  • Verify your Vaulty account credentials
  • Try again later as the service might be temporarily unavailable
  • Run vaulty doctor to diagnose connectivity issues
Corrupted vault file

If your vault becomes corrupted (rare, but possible):

  • Run vaulty repair to attempt automatic repair
  • Restore from a backup using vaulty restore
  • If you have sync enabled, reinstall Vaulty and sync from the server
Permission errors on Windows

Windows users may occasionally encounter permission issues:

  • Run the terminal as Administrator (temporarily)
  • Check the permissions on your Vaulty config directory
  • Verify you're not installing in a restricted location
  • Try reinstalling Vaulty with --user flag

Diagnostic Tools

Vaulty includes built-in diagnostic tools to help you identify and resolve issues:

vaulty doctor
Running Vaulty diagnostics... ✅ Vaulty installation: OK (v1.2.3) ✅ Configuration directory: Properly initialized ✅ Permissions: Correct ✅ Vault integrity: Valid ✅ Network connectivity: OK ✅ Sync status: Last successful sync 2 hours ago

For more verbose output, you can run:

vaulty doctor --verbose