@otterseal/cli
v0.0.3
Published
🦦 OtterSeal CLI - Zero-knowledge encrypted secrets and notes from the command line
Readme
@otterseal/cli
🦦 OtterSeal - Zero-knowledge encrypted secrets CLI
Installation
# From the monorepo
pnpm install
# Or install globally (when published)
npm install -g @otterseal/cliUsage
Note Commands
# Read a note
oseal note read "my-note-title"
# Create or edit a note (opens $EDITOR if no content)
oseal note edit "my-note-title" "Hello, world!"
echo "Hello, world!" | oseal note edit "my-note-title"Secret Commands
# Create a one-time secret link
oseal secret send --content "This is a secret message"
# With custom expiration
oseal secret send --content "Secret" --expires 30m
oseal secret send --content "Secret" --expires 1d
oseal secret send --content "Secret" --expires 7d
# Self-destruct after reading
oseal secret send --content "Secret" --selfDestruct
# From stdin
echo "Secret content" | oseal secret send
# Reveal a secret
oseal secret reveal --url "https://otterseal.ycmj.bot/#/send/<uuid>"
# Check if secret exists without reading
oseal secret peek --url "https://otterseal.ycmj.bot/#/send/<uuid>"Configuration
Create ~/.oseal.json:
{
"server_url": "https://otterseal.ycmj.bot",
"editor": "vim"
}How It Works
All encryption happens client-side using AES-256-GCM:
- Note title → HKDF derivation → note ID (server only sees this)
- Note title → HKDF derivation → AES-256 key
- Content → encrypted with derived key → stored on server
The server never sees your plaintext content or titles.
Link Formats
- Current format (default):
https://otterseal.ycmj.bot/#/send/<uuid> - Legacy format still supported for reveal/peek:
https://otterseal.ycmj.bot/send/<id>#<key>