CLI reference

Commands default to colored human-readable output. Many list/status commands accept --verbose / -v for full JSON; invoke also has dedicated json and markdown subcommands for structured output.

Command groups

Group	Purpose
Vault lifecycle	`status`, `init`, `unlock`, `lock`, `rotate-master`, `audit`
Secrets	`secrets create`, `list`, `update`, `rotate`, `delete`, `import`
Credentials	`credential create`, `list`, `delete`
Provider plugins	`provider list`, `install`, `enable`, `disable`, `remove`
Capabilities	`capability list`, `describe`, `create`, `delete`, `policy`, `bind`, `unbind`, `bindings`
Invoke	`invoke`, `json`, `markdown`
OAuth	`oauth setup`

Top-level shortcuts

These shortcuts avoid typing capability invoke ... for the most common operation:

aivault invoke <id> ...       # same as: aivault capability invoke <id>
aivault json <id> ...         # same as: aivault capability json <id>
aivault markdown <id> ...     # same as: aivault capability markdown <id>
aivault md <id> ...           # alias for markdown

Global behavior

Auto-initialization: if no vault exists, the first command that needs it will auto-initialize with safe defaults
Daemon boundary: on unix platforms, invoke commands connect to the aivaultd daemon (auto-started) for secret isolation. See Daemon
Output modes: human-readable (default); JSON via --verbose / -v on commands that support it; or structured JSON/markdown via the json/markdown subcommands

Start

Core

CLI

Security

Registry

Providers

Ops

Command groups

Top-level shortcuts

Global behavior

Start

Core

CLI

Security

Registry

Providers

Ops

Documentation Index

​Command groups

​Top-level shortcuts

​Global behavior

Command groups

Top-level shortcuts

Global behavior