tofa init
Create a new encrypted vault. Run this once before any other command.
Synopsis
tofa init
Examples
Initialize the default vault:
$ tofa init
Choose a passphrase: ********
Confirm passphrase: ********
✓ vault created at /Users/you/Library/Application Support/tofa/vault.enc
Use a custom path:
$ tofa --vault ~/secrets/work-vault.enc init
Or via env var:
$ TOFA_VAULT=~/secrets/work-vault.enc tofa init
Notes
- Exit code
0on success. - Refuses to overwrite an existing vault file. Move or delete it first if you
really want to start over (consider
destroyfor that). - The passphrase is asked twice and must match. There is no recovery — losing the passphrase makes the vault unreadable forever.
See also
tofa rekey— change the passphrase later.tofa destroy— wipe the vault.- Vault & passphrase — broader explanation.