How to Encrypt a File on the Command Line

Discover the easiest command line tool to encrypt and decrypt a file or stdin

(1) Install this CLI:

# Install peacemakr
brew tap peacemakr-io/peacemakr
brew install peacemakr

(2) Authenticate to fetch your encryption keys:

# Authenticate to Peacemakr's Demo Org for access to demo keys

(3) Encrypt your file:

peacemakr -encrypt --inputFileName to-encrypt.txt --outputFileName encrypted.txt

Decrypt your file:

peacemakr -decrypt --inputFileName encrypted.txt --outputFileName decrypted.txt

Or even Encrypt and Decrypt with standard input:

echo "Hello Encrypted World" | peacemakr -encrypt

Wait. What key was used to encrypt?

If you haven’t done so already, you need to signup for a free account to use your own keys, or else you’re just using the publicly availabledemo-keys which are not secure.

Sounds Complex? It is.

Encrypting data is difficult and dangerous without the proper controls in place. It’s easy to lose track of keys, hard-code configurations, or even rotate keys in a timely manner. There are some great reads out there to help navigate this space.

Can I encrypt and decrypt offline?

Yes, as long as your client already has downloaded at least one valid key from your Key Derivers.

Is there an SDK to programmatically encrypt and decrypt data?

Yes, as of 2021, Peacemakr support 6 SDKs including,

Free Tier? What’s the catch?

No catch, you can use the Free Tier forever. You do have to stay within the 1,000 API calls/month limit, but most startups and small businesses can get away with those that and never worry about paying.

Where can I learn more?

Visit or say hi.

15+ Years experience leading security, Ex-Apple, Ex-Pure Storage, Ex-Symphony Communications, Co-Founder and CEO of Peacemakr, Lives in San Francisco.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store