CLI Documentation
The CLI requires SSH access to the server running SharePwd. It is not available on sharepwd.io — it is designed for self-hosted instances.
Commands
push: Encrypt and share a secret
```bash
# Share a text secret
sharepwd push "db_password=S3cureP@ss!" --burn --ttl 1h

# Share a file
sharepwd push -f secret.pdf --burn --ttl 24h

# From stdin (pipe)
echo "secret" | sharepwd push --burn

# With passphrase protection
sharepwd push -p "my secret" --ttl 1h

# JSON output (for scripts)
sharepwd push --json --ttl 1h "secret" 2>/dev/null | jq .url

# Copy URL to clipboard directly
sharepwd push "secret" 2>/dev/null | pbcopy
```
Flags
| Flag | Description |
|---|---|
| -f <path> | Path to a file to encrypt and share |
| -p | Protect with a passphrase (interactive prompt) |
| --burn | Burn after reading (destroyed after first view) |
| --ttl <duration> | Time to live (e.g. 5m, 1h, 24h, 7d) |
| --max-views <n> | Maximum number of views (0 = unlimited) |
| --server <url> | SharePwd server URL (default: https://sharepwd.io) |
| --json | Output as JSON on stdout |
pull: Retrieve and decrypt a secret
```bash
# Retrieve a text secret
sharepwd pull https://sharepwd.io/s/abc123#key456

# Retrieve a file
sharepwd pull -o output.pdf https://sharepwd.io/f/abc123#key456

# With passphrase
sharepwd pull -p https://sharepwd.io/s/abc123
```
Flags
| Flag | Description |
|---|---|
| -p | Decrypt with a passphrase (interactive prompt) |
| -o <path> | Output file path (for file secrets) |
| --server <url> | SharePwd server URL (default: https://sharepwd.io) |
| --json | Output as JSON on stdout |
delete: Delete a secret using its creator token
```bash
sharepwd delete --creator-token <token> https://sharepwd.io/s/abc123
```
version: Show version, commit and build date
```bash
sharepwd version
```
Self-Hosted Instances
Point the CLI to your own SharePwd server using the --server flag:
```bash
# Point to your own instance
sharepwd push --server https://secrets.yourcompany.com "secret" --burn
sharepwd pull --server https://secrets.yourcompany.com https://secrets.yourcompany.com/s/abc123#key
```
Exit Codes
| Code | Meaning |
|---|---|
| 0 | Success |
| 1 | Usage error (missing flags or arguments) |
| 2 | API error (network, HTTP 4xx/5xx) |
| 3 | Crypto error (decryption failure, wrong passphrase) |
| 4 | File I/O error |
Encryption
The CLI uses the exact same cryptographic primitives as the web frontend, ensuring full cross-compatibility.
- Secrets created in the CLI can be decrypted in the browser, and vice versa
- Algorithm: AES-256-GCM (256-bit key, 96-bit IV, 128-bit auth tag)
- Key derivation (passphrase): PBKDF2 with SHA-256, 600,000 iterations
- Without passphrase: random key embedded in URL fragment (#), never sent to server
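
The scheme in the list above, as an added Node.js example (not SharePwd's own code): a passphrase-derived key or a random fragment key feeds AES-256-GCM, and a wrong key or altered ciphertext fails the tag check, the condition exit code 3 reports. The 16-byte salt, the `iv || ciphertext || tag` blob layout, the base64url key encoding and all function names are assumptions, since the page does not document SharePwd's wire format.

```javascript
// Added illustration, not SharePwd source. Assumed (not on the page): 16-byte salt,
// blob layout iv || ciphertext || tag, base64url-encoded key in the URL fragment.
const nodeCrypto = require('node:crypto');

const PBKDF2_ITERATIONS = 600000; // from the page
const IV_LEN = 12;                // 96-bit IV
const TAG_LEN = 16;               // 128-bit auth tag

// Passphrase mode: PBKDF2 with SHA-256 stretches the passphrase into a 256-bit key.
function deriveKey(passphrase, salt) {
  return nodeCrypto.pbkdf2Sync(passphrase, salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(IV_LEN); // fresh IV per secret; GCM breaks on IV reuse
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, ct, cipher.getAuthTag()]);
}

function open(key, blob) {
  const iv = blob.subarray(0, IV_LEN);
  const tag = blob.subarray(blob.length - TAG_LEN);
  const ct = blob.subarray(IV_LEN, blob.length - TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  // final() throws when the tag does not verify: wrong key, wrong passphrase or tampering.
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// No-passphrase mode: the random key travels only in the URL fragment.
function shareWithFragmentKey(plaintext, server, id) {
  const key = nodeCrypto.randomBytes(32);
  return { blob: seal(key, plaintext), url: `${server}/s/${id}#${key.toString('base64url')}` };
}

// What an HTTP client sends as the request target: path and query, never the fragment.
function requestTarget(url) {
  const u = new URL(url);
  return u.pathname + u.search;
}

function openFromUrl(url, blob) {
  const key = Buffer.from(new URL(url).hash.slice(1), 'base64url');
  return open(key, blob);
}
```

Because the key sits in the fragment, anything that records the full URL (chat history, ticket bodies, clipboard managers) holds the key as well, which is the exposure `--burn` and `--ttl` limit.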