sy vault init --help
sy-vault-init 
Initialize the vault in the current directory. If --gpg-key-id is unset, we will use the only key that you have a secret
key for, assuming it is yours.If you have multiple keys, the --gpg-key-id must be specified to make the input
unambiguous.

USAGE:
    sy vault --config-file <path> init [FLAGS] [OPTIONS]

FLAGS:
    -p, --first-partition    Setting this flag indicates that you want to add partitions later.It enforces a
                             configuration which makes your vault suitable, namely it assures that you set an explicit
                             secrets directory.
    -h, --help               Prints help information
        --no-auto-import     If set, missing keys will not automatically be imported to your keychain. This may make
                             attempts to encrypt resources fail.

OPTIONS:
    -i, --gpg-key-id <userid>...      The key-id of the public key identifying a recipient in your gpg keychain.
    -k, --gpg-keys-dir <directory>    The directory to hold the public keys of all recipients.Please note that these
                                      keys are exported with signatures. [default: .gpg-keys]
    -n, --name <name>                 The name of the vault. It can be used to identify the vault more easily, and its
                                      primary purpose is convenience.
    -r, --recipients-file <path>      The path to the file to hold the fingerprints of all recipients. If set to just
                                      the file name, like 'recipients', it will be interpreted as relative to the
                                      --secrets-dir. If a path is given, like './recipients', it is used as is.
                                      [default: .gpg-id]
    -s, --secrets-dir <path>          The directory which stores the vaults secrets. [default: .]
        --trust-model <model>         The model by which keys to encrypt for are verified to truly belong to the person.
                                      If unset, it defaults to 'always'.'always': whenever a key has been added to the
                                      vault, it is trusted without your intervention. 'web-of-trust': the standard GPG
                                      web of trust with default rules. In the most simple case, you will need to sign a
                                      key prior to be able to encrypt for it. [default: always]  [possible values: web-
                                      of-trust, always]