LoopCLI
Back to docsFeaturesPricingContact
Login / Sign Up
Back to docs
Account / Organizations And Vault

Organizations & Vault

LoopCLI is built for teams. Every account gets an organization with a hardened secrets vault so collaborators can ship automations without copy‑pasting .env files around.

How organizations work

  • Auto-created — When a new user signs up, LoopCLI creates an organization and seeds their first project.
  • Projects belong to orgs — Loops, secrets, executions, and billing are scoped to a project within an org.
  • Invite teammates — Use the dashboard (Team → Invite) or the API to add more members.

Roles

Role What they can do
Owner Full control: manage billing, invite/remove members, rekey vault, delete projects.
Manager Create/edit projects, run and deploy loops, manage secrets inside the vault.
Runner Execute loops and view run history. No access to rotate or export secrets.
Viewer Read-only access to dashboards and run logs. Ideal for stakeholders/auditors.

Tip: promote trusted teammates to Manager so they can rotate credentials without escalating to an owner.

Managing the vault

The vault encrypts every secret with AES‑256‑GCM and keeps a rotation log per entry. You can work from the CLI or the dashboard.

CLI flow

# Add or update a secret
loopcli secret add stripe-secret --value sk_live_...

# List & review current versions
loopcli secret list

# Share with teammates or back up encrypted values
loopcli secret export --output vault.json

# Review the audit trail or export to CSV
loopcli audit --limit 50 --csv vault-audit.csv

Secrets appear in loops as {{secret:stripe-secret}} and surface in CLI steps as uppercase environment variables (e.g. $STRIPE_SECRET). Hosted runners decrypt them moments before execution so plaintext never hits logs or disk.

Dashboard flow

  1. Open Vault in the dashboard.
  2. Choose Add Secret to paste a credential or import from JSON/CSV.
  3. Scroll to the Audit Trail card to review exports, imports, rekeys, and who performed them.
  4. Admins can trigger Rekey Vault when a new keyset is seeded.

Inviting teammates

  1. Visit Team in the dashboard.
  2. Click Invite member, enter an email, and choose their role.
  3. Pending invites appear until the user accepts; owners can resend or revoke.

API-first: POST /api/org/members lets you automate invitations from the CLI or internal tooling.

Audit trails

  • The Vault’s Audit Trail card surfaces exports, imports, rotations, and rekeys with actor and timestamp.
  • loopcli audit mirrors the same feed in the terminal and can export CSV snapshots for compliance reviews.
  • Need raw data? Query the vault_activity table in Supabase for long-term archival or cross-system ingestion.

Next steps

  • Browse featured connectors in the Connectors catalog to see which secrets each service needs.
  • Review the Security overview for architecture diagrams and rekey procedures.
  • Ready to scale usage? Owners can upgrade plans from the dashboard once billing is live.

Keep secrets centralized, keep loops versioned, and let your whole team automate confidently. The organization + vault combo is the foundation.***

Related Documentation

Continue learning with these related topics

Authentication

LoopCLI uses the same authentication layer as the dashboard. Tokens are scoped to your workspace and issued through the secure device-login flow.

Billing & Usage

LoopCLI plans include a weekly or monthly allowance of hosted actions. This guide explains how usage is calculated, when we notify you, and how overages are billed.

Roles and Permissions

LoopCLI uses a two-tier permission system to control access and capabilities:

Installation

Set up LoopCLI on macOS, Linux, or Windows in a few minutes.