vaulter-cli 0.2.1 → 2.3.1

package/README.md

@@ -30,11 +30,18 @@ vaulter add my-openai-key
 # Remove a key
 vaulter remove my-openai-key
 
+# View decrypted values in your terminal
+vaulter view STRIPE_SECRET
+vaulter view KEY1 KEY2
+
 # Generate a .env file from your vault
 vaulter make .env
 
 # Upload a local .env file to your vault
 vaulter save .env
+
+# Initialize current directory as a Vaulter project
+vaulter init
 ```
 
 ## Commands
@@ -46,11 +53,32 @@ vaulter save .env
 | `vaulter ls` | List all API keys in your vault |
 | `vaulter add <name>` | Add a new API key to your vault |
 | `vaulter remove <name-or-id>` | Remove an API key from your vault |
+| `vaulter view [key_names...]` | Decrypt and display one or more API keys in your terminal |
 | `vaulter make [file]` | Generate a .env file from your vault keys |
 | `vaulter save [file]` | Upload a local .env file to your vault |
+| `vaulter init` | Initialize current directory as a Vaulter project |
 | `vaulter web-app` | Open the Vaulter web app in your browser |
 | `vaulter help` | Show all available commands |
 
+## Viewing Keys
+
+### `vaulter view [key_names...]`
+
+Decrypt and print key values directly to your terminal — without writing them to a file.
+
+```bash
+# Interactive: select which keys to view via checkbox
+vaulter view
+
+# View a specific key by name
+vaulter view STRIPE_SECRET
+
+# View multiple keys at once
+vaulter view STRIPE_SECRET OPENAI_API_KEY
+```
+
+Key names are matched case-insensitively. If a name doesn't match any key in your vault, a warning is printed and the rest continue. A security reminder is shown below the output table — clear your terminal when done.
+
 ## .env Support
 
 ### `vaulter make [file]`
@@ -80,6 +108,25 @@ vaulter save
 vaulter save .env.production
 ```
 
+## Project Initialization
+
+### `vaulter init`
+
+Initialize the current directory as a Vaulter project. This creates a `.vaulter/config.json` file that associates the directory with a named project, and automatically adds `.vaulter/` to your `.gitignore` if one exists.
+
+```bash
+# Interactive setup (prompts for project name)
+vaulter init
+
+# Non-interactive, use directory name as project name
+vaulter init --yes
+
+# Specify a project name directly
+vaulter init --name my-project
+```
+
+After initialization, if no `.env` is found and you're signed in, you'll be offered the option to generate one from your vault immediately.
+
 ## Authentication
 
 Vaulter uses browser-based device auth. Running `vaulter sign-in` opens your browser where you log in, and the CLI receives a token automatically. Credentials are stored locally at `~/.vaulter/credentials.json` with restricted file permissions.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vaulter-cli",
-  "version": "0.2.1",
+  "version": "2.3.1",
   "description": "CLI tool for Vaulter - Secure API Key Manager",
   "author": "faris-sait",
   "repository": {

package/postinstall.js

@@ -17,6 +17,7 @@ console.log(purple4 + '   Your keys. Your vault.' + reset);
 console.log('');
 console.log(purple + '  COMMANDS' + reset);
 console.log('');
+console.log('  ' + bold + white + 'vaulter init              ' + reset + dim + 'Initialize current directory as a Vaulter project' + reset);
 console.log('  ' + bold + white + 'vaulter sign-in           ' + reset + dim + 'Authenticate with Vaulter via browser' + reset);
 console.log('  ' + bold + white + 'vaulter sign-out          ' + reset + dim + 'Sign out and clear saved credentials' + reset);
 console.log('  ' + bold + white + 'vaulter ls                ' + reset + dim + 'List all API keys in your vault' + reset);

package/src/commands/help.js

@@ -16,6 +16,7 @@ export async function showHelp() {
   console.log('');
 
   const commands = [
+    { name: 'init',                desc: 'Initialize current directory as a Vaulter project' },
     { name: 'sign-in',             desc: 'Authenticate with Vaulter via browser' },
     { name: 'sign-out',            desc: 'Sign out and clear saved credentials' },
     { name: 'ls',                  desc: 'List all API keys in your vault' },

package/src/commands/init.js

@@ -0,0 +1,119 @@
+import fs from 'fs';
+import path from 'path';
+import inquirer from 'inquirer';
+import {
+  isInitialized,
+  getProjectConfig,
+  createDefaultConfig,
+  writeProjectConfig,
+  getProjectDirPath,
+} from '../lib/project.js';
+import { isAuthenticated } from '../lib/auth.js';
+import { success, error, warn, tip, dim, purple, bold, white } from '../lib/ui.js';
+
+export async function initProject(options = {}) {
+  const root = process.cwd();
+  const dirName = path.basename(root);
+  const yes = options.yes || false;
+
+  console.log('');
+
+  // Check if already initialized
+  if (isInitialized(root)) {
+    const existing = getProjectConfig(root);
+
+    if (existing) {
+      console.log(dim(`  Existing project: ${bold(existing.project?.name || 'unknown')}`));
+      console.log(dim(`  Created: ${existing.project?.createdAt || 'unknown'}`));
+      console.log('');
+    }
+
+    if (!yes) {
+      const { reinit } = await inquirer.prompt([
+        {
+          type: 'confirm',
+          name: 'reinit',
+          message: purple('.vaulter/ already exists. Re-initialize?'),
+          default: false,
+        },
+      ]);
+      if (!reinit) {
+        warn('Cancelled.');
+        console.log('');
+        return;
+      }
+    }
+  }
+
+  // Prompt for project name
+  let projectName = options.name || null;
+
+  if (!projectName && !yes) {
+    const { name } = await inquirer.prompt([
+      {
+        type: 'input',
+        name: 'name',
+        message: purple('Project name:'),
+        default: dirName,
+      },
+    ]);
+    projectName = name;
+  }
+
+  if (!projectName) {
+    projectName = dirName;
+  }
+
+  // Create config
+  const config = createDefaultConfig(projectName);
+
+  try {
+    writeProjectConfig(root, config);
+  } catch (err) {
+    error(`Failed to create .vaulter/config.json: ${err.message}`);
+    console.log('');
+    return;
+  }
+
+  success(`Initialized Vaulter project "${projectName}"`);
+
+  // Append .vaulter/ to .gitignore if it exists and doesn't already contain it
+  const gitignorePath = path.join(root, '.gitignore');
+  if (fs.existsSync(gitignorePath)) {
+    try {
+      const content = fs.readFileSync(gitignorePath, 'utf-8');
+      if (!content.includes('.vaulter/')) {
+        fs.appendFileSync(gitignorePath, '\n.vaulter/\n');
+        success('Added .vaulter/ to .gitignore');
+      }
+    } catch {
+      warn('Could not update .gitignore (non-fatal)');
+    }
+  }
+
+  // .env tips based on state
+  const envPath = path.join(root, '.env');
+  const envExists = fs.existsSync(envPath);
+
+  if (envExists) {
+    tip('Run `vaulter save` to upload your .env to the vault, or `vaulter make` to regenerate it.');
+  } else if (isAuthenticated()) {
+    console.log('');
+    const { generate } = await inquirer.prompt([
+      {
+        type: 'confirm',
+        name: 'generate',
+        message: purple('No .env found. Generate one from your vault?'),
+        default: true,
+      },
+    ]);
+    if (generate) {
+      const { makeEnv } = await import('./make.js');
+      await makeEnv(undefined, {});
+    }
+  } else {
+    tip('Run `vaulter sign-in` to connect your vault, then `vaulter make` to generate a .env.');
+  }
+
+  console.log('');
+}

package/src/commands/view.js

@@ -0,0 +1,112 @@
+import inquirer from 'inquirer';
+import ora from 'ora';
+import Table from 'cli-table3';
+import chalk from 'chalk';
+import { apiFetch } from '../lib/api.js';
+import { purple, dim, error, warn } from '../lib/ui.js';
+
+export async function viewKeys(names) {
+  const spinner = ora({ text: 'Fetching vault keys...', color: 'magenta' }).start();
+
+  let keys;
+  try {
+    const data = await apiFetch('/api/keys');
+    keys = data.keys || [];
+  } catch (err) {
+    spinner.fail('Failed to fetch keys');
+    error(err.message);
+    return;
+  }
+
+  spinner.stop();
+
+  if (keys.length === 0) {
+    console.log('');
+    warn('No keys in your vault. Run `vaulter add <name>` to add one.');
+    console.log('');
+    return;
+  }
+
+  let selected;
+
+  if (names.length === 0) {
+    // Interactive checkbox selection
+    console.log('');
+    const { selectedKeys } = await inquirer.prompt([
+      {
+        type: 'checkbox',
+        name: 'selectedKeys',
+        message: purple('Select keys to view:'),
+        choices: keys.map((k) => ({
+          name: `${k.name} ${dim(`(${k.masked_key})`)}`,
+          value: k,
+          checked: false,
+        })),
+      },
+    ]);
+
+    if (selectedKeys.length === 0) {
+      console.log('');
+      warn('No keys selected.');
+      console.log('');
+      return;
+    }
+
+    selected = selectedKeys;
+  } else {
+    // Match provided names case-insensitively
+    selected = [];
+    for (const name of names) {
+      const match = keys.find((k) => k.name.toLowerCase() === name.toLowerCase());
+      if (!match) {
+        warn(`No key found matching "${name}".`);
+      } else {
+        selected.push(match);
+      }
+    }
+
+    if (selected.length === 0) {
+      console.log('');
+      return;
+    }
+  }
+
+  // Decrypt each selected key
+  const decryptSpinner = ora({ text: `Decrypting ${selected.length} key(s)...`, color: 'magenta' }).start();
+
+  const rows = [];
+  for (const key of selected) {
+    try {
+      const data = await apiFetch(`/api/keys/${key.id}?decrypt=true`);
+      rows.push([chalk.white(key.name), chalk.hex('#a78bfa')(data.decrypted_key)]);
+    } catch (err) {
+      rows.push([chalk.white(key.name), dim('(failed to decrypt)')]);
+    }
+  }
+
+  decryptSpinner.stop();
+
+  const table = new Table({
+    head: [purple.bold('Name'), purple.bold('Decrypted Value')],
+    style: {
+      head: [],
+      border: ['dim'],
+    },
+    chars: {
+      'top': '─', 'top-mid': '┬', 'top-left': '┌', 'top-right': '┐',
+      'bottom': '─', 'bottom-mid': '┴', 'bottom-left': '└', 'bottom-right': '┘',
+      'left': '│', 'left-mid': '├', 'mid': '─', 'mid-mid': '┼',
+      'right': '│', 'right-mid': '┤', 'middle': '│',
+    },
+  });
+
+  for (const row of rows) {
+    table.push(row);
+  }
+
+  console.log('');
+  console.log(table.toString());
+  console.log('');
+  console.log(dim('  These values are sensitive. Clear your terminal when done.'));
+  console.log('');
+}

package/src/index.js

@@ -8,6 +8,8 @@ import { addKey } from './commands/add.js';
 import { removeKey } from './commands/remove.js';
 import { makeEnv } from './commands/make.js';
 import { saveEnv } from './commands/save.js';
+import { viewKeys } from './commands/view.js';
+import { initProject } from './commands/init.js';
 import { openWebApp } from './commands/web-app.js';
 import { showHelp } from './commands/help.js';
 import { printLogo } from './assets/logo.js';
@@ -19,7 +21,7 @@ const program = new Command();
 program
   .name('vaulter')
   .description('Vaulter CLI - Secure API Key Manager')
-  .version('0.2.1')
+  .version('2.3.1')
   .action(async () => {
     await showHelp();
   });
@@ -90,6 +92,26 @@ program
     await saveEnv(filename);
   });
 
+program
+  .command('view [key_names...]')
+  .description('Decrypt and display one or more API keys in your terminal')
+  .action(async (names) => {
+    if (!isAuthenticated()) {
+      error('Not authenticated. Run `vaulter sign-in` first.');
+      process.exit(1);
+    }
+    await viewKeys(names);
+  });
+
+program
+  .command('init')
+  .description('Initialize current directory as a Vaulter project')
+  .option('-n, --name <name>', 'Project name')
+  .option('-y, --yes', 'Non-interactive, use all defaults')
+  .action(async (options) => {
+    await initProject(options);
+  });
+
 program
   .command('web-app')
   .description('Open the Vaulter web app in your browser')

package/src/lib/project.js

@@ -0,0 +1,56 @@
+import fs from 'fs';
+import path from 'path';
+
+const VAULTER_PROJECT_DIR = '.vaulter';
+const CONFIG_FILE = 'config.json';
+
+export function getProjectDirPath(root = process.cwd()) {
+  return path.join(root, VAULTER_PROJECT_DIR);
+}
+
+export function getConfigFilePath(root = process.cwd()) {
+  return path.join(root, VAULTER_PROJECT_DIR, CONFIG_FILE);
+}
+
+export function isInitialized(root = process.cwd()) {
+  return fs.existsSync(getConfigFilePath(root));
+}
+
+export function getProjectConfig(root = process.cwd()) {
+  try {
+    const data = JSON.parse(fs.readFileSync(getConfigFilePath(root), 'utf-8'));
+    return data;
+  } catch {
+    return null;
+  }
+}
+
+export function ensureProjectDir(root = process.cwd()) {
+  const dirPath = getProjectDirPath(root);
+  if (!fs.existsSync(dirPath)) {
+    fs.mkdirSync(dirPath, { mode: 0o700 });
+  }
+}
+
+export function createDefaultConfig(name) {
+  const now = new Date().toISOString();
+  return {
+    version: 1,
+    project: {
+      name,
+      createdAt: now,
+      updatedAt: now,
+    },
+    sync: { enabled: false, remote: null },
+    env: { autoGenerate: false, filename: '.env', selectedKeys: [] },
+  };
+}
+
+export function writeProjectConfig(root, config) {
+  ensureProjectDir(root);
+  fs.writeFileSync(
+    getConfigFilePath(root),
+    JSON.stringify(config, null, 2) + '\n',
+    { mode: 0o600 }
+  );
+}