CLI Reference
Frostbite provides a powerful command line interface for encrypting, decrypting, and managing encrypted files.
This reference documents all available commands and options.
lock
Encrypts a file or directory using AES-256-GCM encryption.
Usage
frostbite lock <path> [options]
Arguments
| Argument |
Description |
<path> |
Path to the file or directory to encrypt |
Options
| Option |
Description |
-k, --key <key> |
Encryption key (will prompt if not provided) |
-e, --env <variable> |
Environment variable containing the encryption key |
-l, --license <license> |
License key for additional protection |
-d, --dry-run |
Show what would be encrypted without making changes |
Examples
# Encrypt a file
frostbite lock config.json --key mySecretKey
# Encrypt a directory
frostbite lock ./src/config --key mySecretKey
# Use environment variable for key
export FROST_KEY=mySecretKey
frostbite lock config.json --env FROST_KEY
# Add license key binding
frostbite lock config.json --key mySecretKey --license my-license-key
# Preview what would be encrypted
frostbite lock ./src --dry-run
unlock
Decrypts a file or directory that was encrypted with Frostbite.
Usage
frostbite unlock <path> [options]
Arguments
| Argument |
Description |
<path> |
Path to the file or directory to decrypt |
Options
| Option |
Description |
-k, --key <key> |
Decryption key (will prompt if not provided) |
-e, --env <variable> |
Environment variable containing the decryption key |
-l, --license <license> |
License key for additional protection |
-d, --dry-run |
Show what would be decrypted without making changes |
Examples
# Decrypt a file
frostbite unlock config.json.fbz --key mySecretKey
# Decrypt a directory
frostbite unlock ./src/config --key mySecretKey
# Use environment variable for key
export FROST_KEY=mySecretKey
frostbite unlock config.json.fbz --env FROST_KEY
# With license key binding
frostbite unlock config.json.fbz --key mySecretKey --license my-license-key
# Preview what would be decrypted
frostbite unlock ./src --dry-run
rekey
Re-encrypts files with a new key, allowing for key rotation without decrypting to disk.
Usage
frostbite rekey <path> [options]
Arguments
| Argument |
Description |
<path> |
Path to the file or directory to re-encrypt |
Options
| Option |
Description |
-k, --old-key <key> |
Old encryption key (will prompt if not provided) |
-n, --new-key <key> |
New encryption key (will prompt if not provided) |
--old-env <variable> |
Environment variable containing the old encryption key |
--new-env <variable> |
Environment variable containing the new encryption key |
--old-license <license> |
Old license key |
--new-license <license> |
New license key |
-d, --dry-run |
Show what would be re-encrypted without making changes |
Examples
# Re-encrypt a file
frostbite rekey config.json.fbz --old-key oldSecret --new-key newSecret
# Re-encrypt a directory
frostbite rekey ./src/config --old-key oldSecret --new-key newSecret
# Use environment variables for keys
export OLD_KEY=oldSecret
export NEW_KEY=newSecret
frostbite rekey config.json.fbz --old-env OLD_KEY --new-env NEW_KEY
# With license key binding
frostbite rekey config.json.fbz --old-key oldSecret --new-key newSecret --old-license old-license --new-license new-license
# Preview what would be re-encrypted
frostbite rekey ./src --old-key oldSecret --new-key newSecret --dry-run
watch
Watches files and automatically encrypts/decrypts them when they change. Ideal for live project environments.
Usage
frostbite watch <path> [options]
Arguments
| Argument |
Description |
<path> |
Path to the file or directory to watch |
Options
| Option |
Description |
-k, --key <key> |
Encryption/decryption key (will prompt if not provided) |
-e, --env <variable> |
Environment variable containing the key |
-l, --license <license> |
License key for additional protection |
--auto-encrypt |
Automatically encrypt files when they change (default: false) |
--auto-decrypt |
Automatically decrypt files when they change (default: true) |
Examples
# Watch a directory and automatically decrypt files
frostbite watch ./config --key mySecretKey
# Watch with auto-encryption (both ways)
frostbite watch ./config --key mySecretKey --auto-encrypt
# Use environment variable for key
export FROST_KEY=mySecretKey
frostbite watch ./config --env FROST_KEY
# With license key binding
frostbite watch ./config --key mySecretKey --license my-license-key