vaulter-cli 2.3.0 → 2.3.2

package/README.md

@@ -30,11 +30,18 @@ vaulter add my-openai-key
 # Remove a key
 vaulter remove my-openai-key
 
+# View decrypted values in your terminal
+vaulter view STRIPE_SECRET
+vaulter view KEY1 KEY2
+
 # Generate a .env file from your vault
 vaulter make .env
 
 # Upload a local .env file to your vault
 vaulter save .env
+
+# Initialize current directory as a Vaulter project
+vaulter init
 ```
 
 ## Commands
@@ -46,11 +53,32 @@ vaulter save .env
 | `vaulter ls` | List all API keys in your vault |
 | `vaulter add <name>` | Add a new API key to your vault |
 | `vaulter remove <name-or-id>` | Remove an API key from your vault |
+| `vaulter view [key_names...]` | Decrypt and display one or more API keys in your terminal |
 | `vaulter make [file]` | Generate a .env file from your vault keys |
 | `vaulter save [file]` | Upload a local .env file to your vault |
+| `vaulter init` | Initialize current directory as a Vaulter project |
 | `vaulter web-app` | Open the Vaulter web app in your browser |
 | `vaulter help` | Show all available commands |
 
+## Viewing Keys
+
+### `vaulter view [key_names...]`
+
+Decrypt and print key values directly to your terminal — without writing them to a file.
+
+```bash
+# Interactive: select which keys to view via checkbox
+vaulter view
+
+# View a specific key by name
+vaulter view STRIPE_SECRET
+
+# View multiple keys at once
+vaulter view STRIPE_SECRET OPENAI_API_KEY
+```
+
+Key names are matched case-insensitively. If a name doesn't match any key in your vault, a warning is printed and the rest continue. A security reminder is shown below the output table — clear your terminal when done.
+
 ## .env Support
 
 ### `vaulter make [file]`
@@ -80,6 +108,25 @@ vaulter save
 vaulter save .env.production
 ```
 
+## Project Initialization
+
+### `vaulter init`
+
+Initialize the current directory as a Vaulter project. This creates a `.vaulter/config.json` file that associates the directory with a named project, and automatically adds `.vaulter/` to your `.gitignore` if one exists.
+
+```bash
+# Interactive setup (prompts for project name)
+vaulter init
+
+# Non-interactive, use directory name as project name
+vaulter init --yes
+
+# Specify a project name directly
+vaulter init --name my-project
+```
+
+After initialization, if no `.env` is found and you're signed in, you'll be offered the option to generate one from your vault immediately.
+
 ## Authentication
 
 Vaulter uses browser-based device auth. Running `vaulter sign-in` opens your browser where you log in, and the CLI receives a token automatically. Credentials are stored locally at `~/.vaulter/credentials.json` with restricted file permissions.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vaulter-cli",
-  "version": "2.3.0",
+  "version": "2.3.2",
   "description": "CLI tool for Vaulter - Secure API Key Manager",
   "author": "faris-sait",
   "repository": {

package/src/commands/help.js

@@ -22,6 +22,7 @@ export async function showHelp() {
     { name: 'ls',                  desc: 'List all API keys in your vault' },
     { name: 'add <name>',          desc: 'Add a new API key to your vault' },
     { name: 'remove <name-or-id>', desc: 'Remove an API key from your vault' },
+    { name: 'view [key_names...]', desc: 'Decrypt and display one or more API keys in your terminal' },
     { name: 'make [file]',         desc: 'Generate a .env file from your vault keys' },
     { name: 'save [file]',         desc: 'Upload a local .env file to your vault' },
     { name: 'web-app',             desc: 'Open the Vaulter web app in your browser' },

package/src/commands/view.js

@@ -0,0 +1,112 @@
+import inquirer from 'inquirer';
+import ora from 'ora';
+import Table from 'cli-table3';
+import chalk from 'chalk';
+import { apiFetch } from '../lib/api.js';
+import { purple, dim, error, warn } from '../lib/ui.js';
+
+export async function viewKeys(names) {
+  const spinner = ora({ text: 'Fetching vault keys...', color: 'magenta' }).start();
+
+  let keys;
+  try {
+    const data = await apiFetch('/api/keys');
+    keys = data.keys || [];
+  } catch (err) {
+    spinner.fail('Failed to fetch keys');
+    error(err.message);
+    return;
+  }
+
+  spinner.stop();
+
+  if (keys.length === 0) {
+    console.log('');
+    warn('No keys in your vault. Run `vaulter add <name>` to add one.');
+    console.log('');
+    return;
+  }
+
+  let selected;
+
+  if (names.length === 0) {
+    // Interactive checkbox selection
+    console.log('');
+    const { selectedKeys } = await inquirer.prompt([
+      {
+        type: 'checkbox',
+        name: 'selectedKeys',
+        message: purple('Select keys to view:'),
+        choices: keys.map((k) => ({
+          name: `${k.name} ${dim(`(${k.masked_key})`)}`,
+          value: k,
+          checked: false,
+        })),
+      },
+    ]);
+
+    if (selectedKeys.length === 0) {
+      console.log('');
+      warn('No keys selected.');
+      console.log('');
+      return;
+    }
+
+    selected = selectedKeys;
+  } else {
+    // Match provided names case-insensitively
+    selected = [];
+    for (const name of names) {
+      const match = keys.find((k) => k.name.toLowerCase() === name.toLowerCase());
+      if (!match) {
+        warn(`No key found matching "${name}".`);
+      } else {
+        selected.push(match);
+      }
+    }
+
+    if (selected.length === 0) {
+      console.log('');
+      return;
+    }
+  }
+
+  // Decrypt each selected key
+  const decryptSpinner = ora({ text: `Decrypting ${selected.length} key(s)...`, color: 'magenta' }).start();
+
+  const rows = [];
+  for (const key of selected) {
+    try {
+      const data = await apiFetch(`/api/keys/${key.id}?decrypt=true`);
+      rows.push([chalk.white(key.name), chalk.hex('#a78bfa')(data.decrypted_key)]);
+    } catch (err) {
+      rows.push([chalk.white(key.name), dim('(failed to decrypt)')]);
+    }
+  }
+
+  decryptSpinner.stop();
+
+  const table = new Table({
+    head: [purple.bold('Name'), purple.bold('Decrypted Value')],
+    style: {
+      head: [],
+      border: ['dim'],
+    },
+    chars: {
+      'top': '─', 'top-mid': '┬', 'top-left': '┌', 'top-right': '┐',
+      'bottom': '─', 'bottom-mid': '┴', 'bottom-left': '└', 'bottom-right': '┘',
+      'left': '│', 'left-mid': '├', 'mid': '─', 'mid-mid': '┼',
+      'right': '│', 'right-mid': '┤', 'middle': '│',
+    },
+  });
+
+  for (const row of rows) {
+    table.push(row);
+  }
+
+  console.log('');
+  console.log(table.toString());
+  console.log('');
+  console.log(dim('  These values are sensitive. Clear your terminal when done.'));
+  console.log('');
+}

package/src/index.js

@@ -8,6 +8,7 @@ import { addKey } from './commands/add.js';
 import { removeKey } from './commands/remove.js';
 import { makeEnv } from './commands/make.js';
 import { saveEnv } from './commands/save.js';
+import { viewKeys } from './commands/view.js';
 import { initProject } from './commands/init.js';
 import { openWebApp } from './commands/web-app.js';
 import { showHelp } from './commands/help.js';
@@ -20,7 +21,7 @@ const program = new Command();
 program
   .name('vaulter')
   .description('Vaulter CLI - Secure API Key Manager')
-  .version('2.3.0')
+  .version('2.3.2')
   .action(async () => {
     await showHelp();
   });
@@ -91,6 +92,17 @@ program
     await saveEnv(filename);
   });
 
+program
+  .command('view [key_names...]')
+  .description('Decrypt and display one or more API keys in your terminal')
+  .action(async (names) => {
+    if (!isAuthenticated()) {
+      error('Not authenticated. Run `vaulter sign-in` first.');
+      process.exit(1);
+    }
+    await viewKeys(names);
+  });
+
 program
   .command('init')
   .description('Initialize current directory as a Vaulter project')