As explained in the How Cerby protects your data with cloud and local encryption article, Cerby stores your sensitive data in encrypted cloud vaults. If your organization leverages the local encryption scheme, vault data encryption keys (DEKs) are stored exclusively on trusted devices registered by Cerby's servers, and decryption happens decentralized on such devices.
Therefore, similar to using the other Cerby client apps, you must set up the Cerby CLI as a trusted device using its commands to strengthen the security of your items. This process is required to access encrypted attributes of items stored in local vaults.
To set up the Cerby CLI as a trusted device using its commands, you must complete the following steps:
Execute the following command to verify if the device has already been registered:
cerby-mac{os} register --statusIf the device is correctly registered, then the following is output:
Device is registered and approved
If the registry verification returns the
RemoteDeviceNotFoundErrorerror (or other), you must register the device correctly. Go to step 2 to continue registering the device.
Execute the following command to request a verification code to the email you have registered in Cerby:
cerby-mac{os} register --request-codeCopy the verification code from the email Cerby sent you.
IMPORTANT: The verification code expires in 5 minutes.
Execute the following command to verify the code:
cerby-mac{os} register --verification-code {code_from_your_email}NOTE: You might encounter the "
Error: Device already exists" error while executing this command if your machine has been previously verified. In that case, ignore the error and continue to step 4.Execute the following command to sync your account and secret data:
cerby-mac{os} sync
NOTES:
Read the Sync your data command documentation to learn more about how Cerby syncs data to your local machine.
Downloading your data might take some minutes, especially if it's the first time you execute the sync. The time also depends on the volume of data you have.