Official command-line interface for RETYC - send and manage file transfers directly from your terminal.
RETYC is a European sovereign file-sharing platform with end-to-end post-quantum encryption. Data stays in Europe, GDPR-compliant by design.
retyc-cli lets you integrate RETYC transfers into your scripts, pipelines and workflows - no browser required.
Download the binary for your platform from the latest release.
```bash
go install -tags prod github.com/retyc/retyc-cli@latest
```

```bash
git clone https://github.com/retyc/retyc-cli.git
cd retyc-cli
go build -tags prod -ldflags "-X github.com/retyc/retyc-cli/cmd.Version=$(git describe --tags --always)" -o retyc .
```

```bash
# Docker Hub
docker pull retyc/retyc-cli:latest
# GitHub Container Registry
docker pull ghcr.io/retyc/retyc-cli:latest
```

```bash
# 1. Authenticate (opens a browser tab, no password stored)
retyc auth login
# 2. Send a file
retyc transfer create report.pdf
# 3. List your transfers
retyc transfer ls
# 4. Download a transfer
retyc transfer download <transfer-id>
```

| Command | Description |
|---|---|
| `retyc auth login` | Authenticate via OIDC device flow |
| `retyc auth status` | Check authentication status (silently refreshes token) |
| `retyc auth logout` | Sign out |

| Command | Description |
|---|---|
| `retyc transfer create <file>` | Create and send a new transfer |
| `retyc transfer info <id>` | Get transfer details |
| `retyc transfer ls` | List sent and received transfers |
| `retyc transfer download <id>` | Download a transfer |
| `retyc transfer enable <id>` | Enable a transfer |
| `retyc transfer disable <id>` | Disable a transfer |

Config and tokens are persisted in a named volume. The -it flags are required for interactive prompts (device flow, passphrase).
```bash
# Authenticate
docker run -it --rm -v retyc-config:/home/retyc/.config/retyc retyc/retyc-cli:latest auth login
# Send / list / download (mount current directory for file access)
docker run -it --rm \
  -v retyc-config:/home/retyc/.config/retyc \
  -v "$(pwd)":/data \
  retyc/retyc-cli:latest transfer create /data/report.pdf
```

Tip:

```bash
alias retyc='docker run -it --rm -v retyc-config:/home/retyc/.config/retyc -v "$(pwd)":/data retyc/retyc-cli:latest'
```

Note: kernel keyring caching is not available in Docker (blocked by the default seccomp profile). The passphrase will be prompted on each invocation.
Credentials and config are stored in a platform-specific directory:

| Build | Config directory |
|---|---|
| Production (`-tags prod`) | `~/.config/retyc/` (XDG Base Dir) |
| Development (default) | `.retyc/` in the current directory |

Override at any time:
```bash
export RETYC_CONFIG_DIR=/path/to/config
```

Create config.yaml to override defaults:

```yaml
api:
  base_url: https://api.retyc.com
```

| Flag | Short | Description |
|---|---|---|
| `--config <file>` | | Use a specific config file |
| `--insecure` | `-k` | Skip TLS certificate verification |
| `--debug` | | Enable debug mode |

- Authentication: OIDC device flow - no password ever stored locally
- File data + metadata: end-to-end encrypted with AGE post-quantum hybrid keys
- Private key caching (Linux only): the decrypted AGE identity is cached in the kernel session keyring (never written to disk). It is scoped to the current terminal session, isolated from other users and sessions, and automatically wiped after a configurable TTL (default: 60 seconds).
- Transport: TLS enforced by default
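
TLS is only enforced as long as nothing passes `--insecure` / `-k` or points `base_url` at a plain-HTTP endpoint, so the following check can be run over scripts and config files before relying on that guarantee. It is an added example, not part of retyc-cli: the function names `scan_scripts` and `scan_config` are hypothetical, the sample inputs are constructed, and it assumes the `api.base_url` layout shown in the config snippet.

```shell
#!/bin/sh
# Added example: audit scripts and retyc config files for settings that weaken
# transport security. Function names are hypothetical, not part of retyc-cli.

# scan_scripts FILE...: report retyc invocations (native or Docker image) that
# pass --insecure / -k. Backslash-continued lines are joined first, and the
# finding is attributed to the line where the command starts.
scan_scripts() {
    awk '
        FNR == 1 { buf = "" }
        {
            if (buf == "") start = FNR
            line = $0
            cont = sub(/\\$/, "", line)          # 1 when the line is continued
            buf = buf " " line
            if (cont) next
            cmd = buf; buf = ""
            if (cmd ~ /^[ \t]*#/) next           # ignore comment lines
            if (cmd ~ /[^A-Za-z0-9_-]retyc(-cli[^ \t]*)?[ \t](.*[ \t])?(--insecure|-k)([ \t]|$)/)
                printf "%s:%d: TLS verification disabled\n", FILENAME, start
        }
    ' "$@"
}

# scan_config FILE: report an api.base_url that is not an https:// URL.
scan_config() {
    awk -v q="'" '
        /^[^ \t#]/ { in_api = ($0 ~ /^api:[ \t]*(#.*)?$/) }   # top-level key
        in_api && /^[ \t]+base_url:/ {
            url = $0
            sub(/^[ \t]+base_url:[ \t]*/, "", url)
            gsub("[\"" q "]", "", url)                      # strip YAML quotes
            if (url !~ /^https:\/\//)
                printf "%s:%d: base_url is not https (%s)\n", FILENAME, FNR, url
        }
    ' "$1"
}

# Constructed sample inputs (not taken from any real deployment).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/sh' 'retyc transfer ls' \
        'docker run --rm retyc/retyc-cli:latest \' \
        '  --insecure transfer create /data/report.pdf' > "$d/ci.sh"
    printf '%s\n' 'api:' '  base_url: http://api.example.test' > "$d/config.yaml"
    scan_scripts "$d/ci.sh"; scan_config "$d/config.yaml"
    rm -rf "$d"
}
demo
```

The script scan is line-based: it will also flag a `-k` that belongs to another command chained after `retyc` on the same line, so treat findings as prompts for review.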

| Feature | Status |
|---|---|
| Create | ✅ |
| Info | ✅ |
| List (inbox / sent) | ✅ |
| Download | ✅ |
| Enable/Disable | ✅ |

| Feature | Status |
|---|---|
| Create / Info / List | 🔜 |
| User management | 🔜 |
| File management (CRUD + versions) | 🔜 |

| Feature | Status |
|---|---|
| User management (invitations, roles) | 🔜 |

```bash
# Run in dev mode
go run . --help
# Run tests
go test -race ./...
# Production build
go build -tags prod -ldflags "-X github.com/retyc/retyc-cli/cmd.Version=v0.1.0" -o retyc .
```

MIT - © RETYC / TripleStack SAS
