Quickstart — seal your first repo in 5 minutes
No terminal experience needed. Five steps, each with the exact command to type and the output you should see. At the end, your source code is encrypted inside your own Git repo, and only you can open it.
Install the CLI
Open your terminal (Terminal on macOS, PowerShell on Windows) and paste this. It installs one command,
sealrepo, that you can run from any folder:Any shell, any OS$npm install -g sealrepo# Check it worked — this should print a version number$sealrepo --version0.2.0If you see
command not found, Node.js isn't installed yet — grab it from nodejs.org and run the two commands again.Sign in (free account, no card)
sealrepo init,lock, andunlockall require you to be signed in, so do this once now. The command prints a link and offers to open it for you:In your shell$sealrepo loginOpen this URL in your browser to approve this device:https://sealrepo.dev/app/cli/pair?code=BX72-PQ4MPress ENTER to open in the browser...Waiting for approval ⠋✓Paired as [email protected]Press ENTER, and your browser opens sealrepo.dev. If you don't have an account yet, sign up right there (it's free), then click Approve. Back in the terminal, you'll see the green "Paired" line — you're signed in.
Turn your repo into a vault
A vault is just your repo with the source files encrypted in place. Go into the repo you want to protect and run
init:In your-repo/$cd your-repo$sealrepo initDetected ecosystem: node (package.json found)locked dir: vendor/will encrypt: **/*.ts, **/*.js, src/**Choose a passphrase (you'll type this whenever you unlock):Passphrase: ●●●●●●●●●●●●Confirm: ●●●●●●●●●●●●✓Vault initialized.✓Recovery code (write this down — only chance):correct-horse-battery-staple-purple-mountain-19-bridge-jazzTwo secrets just came into existence; here's what each one is for:
- Passphrase — the password you type every time you unlock; pick a long one and keep it in your password manager.
- Recovery code — the only way back in if you ever forget the passphrase; it is shown once, so print it or store it in a password manager now, before moving on.
Save the recovery code right nowIf you lose boththe passphrase and the recovery code, your encrypted code is unrecoverable — we never see your keys, so we can't reset them for you.Lock it
sealrepo lockencrypts every matching source file and replaces it with opaque encrypted blobs insidevendor/:Locking$sealrepo locklocking /home/you/your-repo✓locked 137 files into vendor/# Commit the sealed repo like you would any other change$git add .$git commit -m "Seal with sealrepo"Look in your repo: the readable source files are gone, and
vendor/holds files with random names full of random bytes. That's your code, encrypted.Unlock to work, lock when done
From now on, this is your daily rhythm — unlock to edit, lock when you step away:
Daily use$sealrepo unlockPassphrase: ●●●●●●●●●●●●✓unlocked 137 files# ...edit, build, run as usual...$sealrepo lock✓locked 137 files into vendor/
What just happened?
- Your source code is now encrypted inside the repo itself. Anyone who clones it — a leaked token, a scraper, an AI indexing run — sees only random bytes.
- Opening it takes two things: your account (the one that ran
init— a different account can't unlock this vault) and your passphrase. Sealrepo's servers never see your passphrase, your keys, or your plaintext code. - If you ever forget the passphrase,
sealrepo unlock --recoveryplus the recovery code you saved gets you back in — it works even offline, with no sign-in.