tvc
CLI for Turnkey Verifiable Cloud - see this guide for example usage.
Installation
Authentication
For local use, run tvc login once and the CLI will read ~/.config/turnkey/ thereafter.
For programmatic use (GitHub Actions, etc.), set these three env vars to authenticate directly without touching disk:
| Env | Source |
|---|---|
TVC_ORG_ID |
your Turnkey organization UUID |
TVC_API_KEY_PUBLIC |
hex-encoded compressed P256 public key |
TVC_API_KEY_PRIVATE |
hex-encoded P256 private key |
When all three required vars are present, every command authenticates directly from env. Env vars take precedence over local config files. Setting some but not all is rejected.
The typical flow: run tvc login once locally to generate an API key, register the public key in the Turnkey dashboard, then store the values in your CI's secret store (e.g. TVC_API_KEY_PRIVATE as a GitHub Secret, the rest as GitHub Variables).
Some commands support environment variables and command-line flags for
programmatic use. Run command help, such as tvc deploy create --help, to see
the supported inputs and precedence for that command.
Usage
Create an App
# Login to Turnkey
# Generate app config template
# Edit my-app.json to fill in required values (quorumPublicKey, operator keys, etc.)
# Create the app
Create and Approve a Deployment
# Generate deployment config template
# Edit my-deploy.json to fill in required values (appId, container images, etc.)
# Create the deployment
# To create a deployment without a config file, see:
# Recommended: uses GetTvcDeployment to fetch manifest and manifest_id automatically
# Alternative: provide manifest file and IDs manually
# Save a single provisioning bundle JSON for later re-encryption / submission
# flows.