Install & Setup

This page walks you through everything you need before jumping into the quickstarts. By the end you’ll have an account, the CLI installed, a vault created, and your first file uploaded.

1. Create an account

Sign up at app.opentusk.ai. You’ll need an access code during early access.

Once signed in:

1. Connect your wallet — Go to Settings > Sui Wallet and link a Sui address. This is required for shared vault encryption.
2. Create a shared vault — Go to Vaults > New Vault and create your first shared vault. Shared vaults use SEAL encryption — only approved Sui addresses can decrypt files.

You can also create public vaults (unencrypted, shareable via URL) from the dashboard.

2. Install the CLI

npm install -g @opentusk/cli

Verify the installation:

opentusk --version

3. Run the setup wizard

opentusk setup

One interactive command handles everything — creating a new account, logging into an existing one, or onboarding an agent from an invite code. The wizard then offers to set up a Sui wallet (for shared vault encryption) and create a default vault.

The three branches

When you run opentusk setup, you pick one of three paths:

Create a new account

? What would you like to do?
  ❯ Create a new account      — sign up for OpenTusk
    Log in                    — existing account
    Set up an agent           — invite code from owner

? Email             [email protected]
? Password          ********
? Confirm password  ********
? Display name      (default: you)
? Access code       BETA2026     Get one at opentusk.ai
  ✔ Account created
  ✔ API key saved

You’ll also be prompted:

• Set up a Sui wallet for shared vaults? — generates an Ed25519 keypair and links it to your account.
• Create your first vault? — pick a name and visibility (public or private).

The wizard finishes with a summary card showing your account, plan, storage, Sui address, default vault, and config path.

Log in to existing account

? What would you like to do?
    Create a new account
  ❯ Log in                    — existing account
    Set up an agent

? How would you like to log in?
  ❯ Email & password  — sign in with credentials
    API key           — paste an existing key

Either path validates the credentials and stores a fresh API key in your CLI config. The same Sui-wallet and default-vault prompts follow.

Set up an agent (invite code)

? What would you like to do?
    Create a new account
    Log in
  ❯ Set up an agent           — invite code from owner

? Invite code    otinv_…     from your account owner
  ✔ Generated Sui keypair: 0x…
  ✔ Agent authenticated under [email protected]

The wizard generates (or reuses) a Sui keypair, redeems the invite, and locks the CLI into agent mode. The agent’s Sui key cannot be changed without logging out. See Invite Codes for how owners create and scope these codes.

Already logged in?

If you run opentusk setup with an existing session, it detects the state and offers to show a summary, log in as a different user, or exit — or fills in any missing optional pieces (Sui key, default vault).

4. Manual alternatives to the wizard

You can always skip the wizard and use single-purpose commands:

One-liner signup

opentusk signup [email protected] yourpassword --access-code BETA2026

API key login

opentusk login --api-key otk_your_key

Get an API key from app.opentusk.ai under Settings > API Keys.

Email & password login

opentusk login --email [email protected] --password yourpassword

Invite code redeem

opentusk login --invite-code otinv_abc123...

Verify your session:

opentusk whoami

5. Upload a file

opentusk upload report.pdf

Files go to your default vault. Use --vault to target a specific vault:

opentusk upload report.pdf --vault "My Vault"

List and download files:

opentusk ls
opentusk download <file-id> --output report-copy.pdf

Your file is hot — stored in a fast cache and immediately downloadable. In the background, OpenTusk syncs it to the Walrus decentralized network for durability.

uploading → hot → synced → cold
                    ↑ durable on Walrus

Track status with opentusk file status <file-id> --wait or webhooks.

6. Set up a new agent with invite codes

Invite codes let you onboard an AI agent with a single command. The agent gets its own API key and Sui keypair, scoped to your account.

1. Create an invite code

   opentusk invite create --name "my-agent"

   Copy the code (otinv_...) — it’s single-use and expires in 1 hour by default.

2. Redeem the code (on the agent’s machine)

   opentusk login --invite-code otinv_abc123...

   This generates a Sui keypair, creates an API key under your account, and stores everything in the agent’s CLI config.

3. Install MCP config for the agent’s tool

   opentusk mcp install-config --target claude-code

   Replace claude-code with claude-desktop or cursor depending on the agent.

You can also use the interactive setup wizard on the agent’s machine:

opentusk setup
# Choose "Set up an agent" → paste the invite code

Manage invite codes:

opentusk invite list                     # See all codes and their status
opentusk invite revoke <invite-code-id>  # Revoke an unused code

See Invite Codes for scopes, vault restrictions, and expiry options.

Next steps

Claude Code Connect Claude Code to OpenTusk via MCP.

Claude Desktop Connect Claude Desktop to OpenTusk via MCP.

Cursor Connect Cursor to OpenTusk via MCP.

OpenClaw Add OpenTusk storage to your OpenClaw agent.