johan
/
clavitor
1
0
Fork 0
Code Issues 7 Pull Requests Packages Projects Releases Wiki Activity
clavitor/clavis/clavis-cli/skill.md

2.4 KiB
Raw Blame History

name description
clavitor Access credentials, TOTP codes, and secrets stored in a Clavitor vault via clavitor-cli

Access credentials, TOTP codes, and secrets stored in a Clavitor vault.

When to use

Use this skill when you need to:

  • Look up a password, API key, or SSH credential
  • Generate a TOTP/2FA code
  • Store a new credential, note, card, or address
  • Update an existing credential

Commands

Get a credential

clavitor-cli get <query>

Searches by title. Returns all fields. L2 fields are decrypted locally. L3 fields (hardware-key-only) show [L3 -- requires hardware key].

List entries

clavitor-cli list            # all entries
clavitor-cli list <filter>   # search by title

Returns: entry_id, type, title (tab-separated).

Get a TOTP code

clavitor-cli totp <query>

Returns a live 6-digit TOTP code. Valid for 30 seconds.

Store or update an entry (upsert)

All put commands create if new, update if the title already exists.

# Credential
clavitor-cli put credential "GitHub" --username octocat --password hunter2 --url https://github.com

# Note
clavitor-cli put note "Deploy checklist" --text "1. Run tests 2. Tag release 3. Deploy"

# Card
clavitor-cli put card "Amex" --holder "Johan Jongsma" --number 378282246310005 --cvv 1234 --expiry 09/28

# Address
clavitor-cli put address "Office" --street "123 Main St" --city Springfield --state IL --zip 62704

JSON output

Add --json to any read command for machine-readable output:

clavitor-cli get github --json
clavitor-cli list --json

Encryption model

Fields are encrypted at different tiers:

  • L1 (plaintext on server): titles, URLs, usernames — you can read these
  • L2 (agent-decryptable): passwords, API keys, TOTP seeds — the CLI decrypts these locally
  • L3 (hardware-key-only): card numbers, CVV, passport, SSN — you cannot access these

When you put a credential, passwords and TOTP seeds are automatically encrypted as L2. Card numbers and CVV are encrypted as L2. L3 fields can only be set via the web UI with a hardware key.

Important

  • Do NOT try to read the vault database file directly. Use the CLI.
  • Do NOT store the vault's L2 key in files, logs, or conversation history.
  • The CLI must be initialized first: clavitor-cli init <token> (one-time setup).
  • All access is logged in the vault's audit trail.

Install this skill

clavitor-cli skill --install