clavitor/clavis/clavis-cli/skill.md

---
name: clavitor
description: Access credentials, TOTP codes, and secrets stored in a Clavitor vault via clavitor-cli
---
Access credentials, TOTP codes, and secrets stored in a Clavitor vault.
## When to use
Use this skill when you need to:
- Look up a password, API key, or SSH credential
- Generate a TOTP/2FA code
- Store a new credential, note, card, or address
- Update an existing credential
## Commands
### Get a credential
```bash
clavitor-cli get <query>
```
Searches by title. Returns all fields. L2 fields are decrypted locally.
L3 fields (hardware-key-only) show `[L3 -- requires hardware key]`.
### List entries
```bash
clavitor-cli list # all entries
clavitor-cli list <filter> # search by title
```
Returns: entry_id, type, title (tab-separated).
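Because `get` and `list <filter>` both search by title, a caller can check that a title is unambiguous before fetching a secret. The helper below is an added example, not part of clavitor-cli: it parses the tab-separated `list` format described above and succeeds only on exactly one exact-title match. The function names, entry IDs and sample rows are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not project code): pre-check for an unambiguous entry.
# Input on stdin is `clavitor-cli list` output as documented on this page:
#   entry_id <TAB> type <TAB> title

# resolve_entry TITLE [TYPE]
# Prints the entry_id when exactly one row has this exact title
# (case-insensitive) and, if TYPE is given, that type.
# Exit status: 0 = unique match, 1 = no match, 2 = ambiguous.
resolve_entry() {
  # Values are passed through the environment so awk does not
  # interpret backslashes in the title as escape sequences.
  WANT="$1" WTYPE="${2:-}" awk -F '\t' '
    tolower($3) == tolower(ENVIRON["WANT"]) &&
    (ENVIRON["WTYPE"] == "" || $2 == ENVIRON["WTYPE"]) {
      n++; id = $1
    }
    END {
      if (n == 1) { print id; exit 0 }
      exit (n == 0 ? 1 : 2)
    }'
}

# Constructed sample of `list` output; the IDs are made up.
sample_list() {
  printf '%s\t%s\t%s\n' \
    'e-0001' 'credential' 'GitHub' \
    'e-0002' 'credential' 'GitHub Enterprise' \
    'e-0003' 'note' 'GitHub' \
    'e-0004' 'card' 'Amex'
}

# Demo on the sample: a title plus type narrows to one entry.
sample_list | resolve_entry 'GitHub' credential

# Intended use against a real vault (assumes the CLI is initialized):
#   clavitor-cli list GitHub | resolve_entry GitHub credential >/dev/null \
#     && clavitor-cli get GitHub
```

Treat exit status 2 as a hard stop rather than picking the first row, so a secret is never fetched from an entry that merely shares a title.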
### Get a TOTP code
```bash
clavitor-cli totp <query>
```
Returns a live 6-digit TOTP code. Valid for 30 seconds.
### Store or update an entry (upsert)
All `put` commands create if new, update if the title already exists.
```bash
# Credential
clavitor-cli put credential "GitHub" --username octocat --password hunter2 --url https://github.com
# Note
clavitor-cli put note "Deploy checklist" --text "1. Run tests 2. Tag release 3. Deploy"
# Card
clavitor-cli put card "Amex" --holder "Johan Jongsma" --number 378282246310005 --cvv 1234 --expiry 09/28
# Address
clavitor-cli put address "Office" --street "123 Main St" --city Springfield --state IL --zip 62704
```
### JSON output
Add `--json` to any read command for machine-readable output:
```bash
clavitor-cli get github --json
clavitor-cli list --json
```
## Encryption model
Fields are encrypted at different tiers:
- **L1** (plaintext on server): titles, URLs, usernames — you can read these
- **L2** (agent-decryptable): passwords, API keys, TOTP seeds — the CLI decrypts these locally
- **L3** (hardware-key-only): card numbers, CVV, passport, SSN — you cannot access these
When you `put` a credential, passwords and TOTP seeds are automatically encrypted as L2.
Card numbers and CVV stored with `put` are also encrypted as L2, not L3: L3 fields can only be set via the web UI with a hardware key.
## Important
- Do NOT try to read the vault database file directly. Use the CLI.
- Do NOT store the vault's L2 key in files, logs, or conversation history.
- The CLI must be initialized first: `clavitor-cli init <token>` (one-time setup).
- All access is logged in the vault's audit trail.
## Install this skill
```bash
clavitor-cli skill --install
```