Sealrepo
Sign inStart free
Recovery & safety

Permanently remove sealrepo from a project

Sometimes you just want your unencrypted source back. `sealrepo remove` is the only way to do it; everything else (unlink, unlock, panic) leaves the vault in place.

This is irreversible
sealrepo remove deletes the vault on disk, removes the local config, and tells the server to log + email the project owner. There is no undo. The CLI requires a typed yes-remove confirmation for exactly this reason.

What “remove” actually means

Three different commands look similar on the surface. Each does something different:

  • sealrepo link --remove only forgets the dashboard association on this checkout. The vault on disk is untouched, the paid project slot is still consumed.
  • Delete project on the dashboard releases the paid slot. The local vault is left intact. Owner-only.
  • sealrepo remove is the one that actually uninstalls sealrepo from this repository: decrypts the locked files back to plaintext, deletes vendor/ and .sealreporc.json, clears the cached session, and (when the project is linked) emails the project owner before any local change happens.

  1. Run the command

    From inside the repo on your machine:

    Interactive removal
    $sealrepo remove
    You are about to permanently remove sealrepo from:
    /Users/you/your-repo
    This project is linked to “acme-billing” (prj_4f9a8b2c1d0e).
    → The project owner will be notified by email.
    Your source files will be decrypted back to plaintext before removal.
    Type yes-remove to confirm yes-remove
    Passphrase (to confirm ownership): ••••••••
    sealrepo removed from this project.
    Restored 137 files to plaintext.
    Notified the owner of “acme-billing” by email.

    The passphrase prompt comes afterthe confirmation. We re-verify it even if you have an unlocked session, because removing sealrepo is irreversible and “the laptop was already unlocked” is a real attack model. Use --session-ok if you really want to skip the re-verification.

  2. What gets removed locally

    • The locked directory (vendor/ by default — whatever lockedDir is in your config).
    • .sealreporc.json (and the legacy .vaultlinerc.json if present).
    • The session cache for this project root.

    What stays: your decrypted source files. By default, sealrepo remove runs a full unlock first so every locked file lands back as plaintext exactly where it lived before sealrepo init.

  3. What the owner gets emailed

    When the project is linked, the owner gets an email within seconds with: the project name, the actor's hostname / OS / CLI version, the timestamp, whether --burnwas used, and whether the reported local-repo fingerprint matches what the server has on file. The same information is recorded in the dashboard's audit timeline as a project.remove event, so even if the email gets lost there's a permanent record.

    If the owner is the one running it
    The email's subject line is different (“You removed sealrepo...” vs. “Someone removed sealrepo...”), and the body skips the “rotate your secrets” advice. It's a confirmation, not an alert.

Flags

All the ways to call it
$sealrepo remove --confirm yes-remove
# Skip the interactive prompt. Use in CI / scripted teardown.
$sealrepo remove --burn --confirm yes-remove
# DOES NOT decrypt before removal. Plaintext source is gone forever.
$sealrepo remove --offline
# Required when the project is linked AND the server is unreachable.
# We refuse without this flag so a hostile actor can’t bypass the owner email by cutting the network.
$sealrepo remove --session-ok
# Accept a cached unlocked session instead of re-typing the passphrase. Skip this unless you know what you’re doing.
$SEALREPO_PASSPHRASE="..." sealrepo remove --confirm yes-remove
# Non-interactive teardown. Useful for terraform destroy / CI cleanup hooks.

When the CLI refuses

  • SEALREPO_REMOVE_OFFLINE — project is linked but we couldn't reach sealrepo.dev. Confirm connectivity, or rerun with --offline to acknowledge that the owner will not be alerted.
  • SEALREPO_REMOVE_REJECTED — the server rejected the notice (usually a stale bearer token, or the project was already deleted on the dashboard). Run sealrepo whoami and sealrepo link --info to triage.
  • SEALREPO_WRONG_KEY — the passphrase you typed at the verification prompt doesn't match. Same key the rest of the CLI uses; if you forgot it, run sealrepo unlock --recovery first to confirm your recovery code still works, then sealrepo rotate to set a new passphrase before retrying remove.
What about the server-side project record?
sealrepo removenever deletes your project on the dashboard. The server still has the project and the paid slot is still counted. That's deliberate — releasing the slot has to be an explicit owner action so a leaked bearer token can't free billing on its own. After removing locally, head to the dashboard and click Delete project if you want the slot back.
Next
Troubleshooting