Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.capy.sc/llms.txt

Use this file to discover all available pages before exploring further.

Synopsis

capy kick <email>

Description

Removes <email> from the current organization. The service deletes their membership, and their local key.enc becomes cryptographically inert - the service will refuse to strip the outer wrap for a non-member. capy kick is O(1). No key rotation, no re-encryption of secrets for remaining members.

What kicking does

  • Revokes the ex-member’s ability to decrypt any secret in the org.
  • Takes effect on their next CLI call. Already-running processes they have in memory continue working until they terminate.
  • Leaves the master key unchanged for remaining members.

What kicking does not do

  • It doesn’t recall plaintext copies the user already read and stored elsewhere.
  • It doesn’t invalidate deploy tokens they may have minted (revoke those separately if you’re concerned).
  • It doesn’t rotate the master key. You only need to rotate if the ex-member captured the seed phrase.

Example

$ capy kick alice@example.com
 Removed alice@example.com from "Acme Corp".

  Their local key.enc is now cryptographically inert.
  If they captured plaintext values, rotate those through your normal process.

See also