Use fd0
Documentation
fd0.sh carries the user documentation. These pages cover the normal paths: install, unlock, store secrets, share scopes, sync, SSH, Talos, Kube, recovery, and basic self-hosting. The repository holds the technical specs.
Start here
Install the client, create a vault, store the first secret, and sync.
Concepts
The small vocabulary used by every fd0 command.
Daily use
Secrets, scopes, cards, membership, and local health checks.
SSH
Scope-shared SSH keys and host aliases through fd0-agent.
Talos and Kube
Store, render, merge, and share Talos and Kubernetes configs.
Sync
What sync sends, what it verifies, and how automatic refresh works.
Self-host
Run a primary, add a DR backup, and know where the full runbook lives.
Troubleshooting
Locked vaults, stale SSH sockets, missing hosts, and config refresh.
The normal path
$ curl -fsSL https://fd0.sh/install | sh $ fd0 init $ fd0 unlock $ fd0 scope create --label work $ fd0 set DEPLOY_KEY "ghp_xxxxxxxxxxxxxxxxxxxx" --scope work $ fd0 sync $ fd0 get DEPLOY_KEY --scope work
Where details live
Use these pages when you want to operate fd0. Use /spec or the GitHub files when you need exact wire formats, storage invariants, threat IDs, or benchmark baselines.