End-to-end encrypted file storage from your terminal. Same guarantees as the web app: files encrypt in your shell before they leave the machine, and the server never has the keys to decrypt them.
curl -fsSL https://www.sefaly.com/install.sh | sh
The script detects your OS and architecture, downloads the matching release from GitHub, verifies its SHA-256 against the published checksums, and drops the sef binary in ~/.local/bin. It won’t touch sudo or modify your shell config.
If you’d rather not pipe a remote script into sh (fair), inspect it first: /install.sh. It’s about 130 lines of POSIX shell. Or use the manual install below.
Grab sef_<version>_windows_amd64.zip from the latest release, extract sef.exe, and add the containing folder to your PATH.
Download a release manually:
sef_0.1.0_linux_amd64.tar.gz).
sha256sums.txt from the same release.
sef on your PATH.
Requires Go 1.26+.
git clone https://github.com/shokace/sefaly-cli
cd sefaly-cli
go build -o sef .
mv sef /usr/local/bin/
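For the manual download above, this is the checksum comparison to run before extracting the archive. It is an added example, not the project's install.sh. It assumes sha256sums.txt uses the standard sha256sum layout (digest, whitespace, filename); sha256_of and verify_release are hypothetical helper names.

```shell
#!/bin/sh
# Added example: verify a downloaded sef release archive against sha256sums.txt.
# Assumption: each line of sha256sums.txt is "<64 hex digits>  <filename>".

# Print the SHA-256 of a file as hex, using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        echo "no SHA-256 tool found" >&2
        return 2
    fi
}

# verify_release ARCHIVE SUMS_FILE
# Returns 0 only when SUMS_FILE lists exactly one digest for ARCHIVE's
# basename and that digest equals the digest of the file on disk.
verify_release() {
    archive=$1
    sums=$2
    [ -f "$archive" ] && [ -f "$sums" ] || { echo "missing input file" >&2; return 2; }
    name=$(basename "$archive")
    # Exact match on the filename field; tolerate the "*" binary-mode marker.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print tolower($1) }' "$sums")
    case "$expected" in
        "") echo "$name: not listed in $sums" >&2; return 1 ;;
        # Two matching lines join with a newline, which is caught here too.
        *[!0-9a-f]*) echo "$name: malformed or duplicate entry" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "$name: digest is not 64 hex chars" >&2; return 1; }
    actual=$(sha256_of "$archive") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "$name: OK"
    else
        echo "$name: CHECKSUM MISMATCH, do not extract" >&2
        return 1
    fi
}
```

Call it as `verify_release sef_0.1.0_linux_amd64.tar.gz sha256sums.txt` and extract only when it returns 0.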
sef login                 # opens a browser, approve the device
sef whoami                # confirm you're signed in
sef ls                    # list files + folders at the root
sef upload report.pdf --to Documents
sef download Documents/report.pdf --out ./report.pdf
sef logout                # revoke this device's token
Run sef --help for the full command list. Each subcommand has its own --help with examples.
For interactive browsing, sef gui launches a two-pane file-manager TUI in your terminal. Arrow keys to navigate, Enter to descend, c or F5 to copy between panes, q to quit.
Sefaly is zero-knowledge: your password and your private key never reach the server, web app or CLI. The CLI uses a device-flow ceremony:
sef login generates an ephemeral ML-KEM-768 keypair and asks the server to mint a one-time user code.

From then on, the CLI calls the API with a bearer token and decrypts files locally with its copy of your private key. The server only ever sees a SHA-256 hash of the token.