.\" Man page generated from reStructuredText.
.
.TH "SALT-KEY" "1" "May 21, 2020" "3001" "Salt"
.SH NAME
salt-key \- salt-key Documentation
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH SYNOPSIS
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
salt\-key [ options ]
.ft P
.fi
.UNINDENT
.UNINDENT
.SH DESCRIPTION
.sp
Salt\-key executes simple management of Salt server public keys used for
authentication.
.sp
On initial connection, a Salt minion sends its public key to the Salt
master. This key must be accepted using the \fBsalt\-key\fP command on the
Salt master.
.sp
Salt minion keys can be in one of the following states:
.INDENT 0.0
.IP \(bu 2
\fBunaccepted\fP: key is waiting to be accepted.
.IP \(bu 2
\fBaccepted\fP: key was accepted and the minion can communicate with the Salt
master.
.IP \(bu 2
\fBrejected\fP: key was rejected using the \fBsalt\-key\fP command. In
this state the minion does not receive any communication from the Salt
master.
.IP \(bu 2
\fBdenied\fP: key was rejected automatically by the Salt master.
This occurs when a minion has a duplicate ID, or when a minion was rebuilt or
had new keys generated and the previous key was not deleted from the Salt
master. In this state the minion does not receive any communication from the
Salt master.
.UNINDENT
.sp
To change the state of a minion key, use \fB\-d\fP to delete the key and then
accept or reject the key.
.SH OPTIONS
.INDENT 0.0
.TP
.B \-\-version
Print the version of Salt that is running.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-versions\-report
Show program\(aqs dependencies and version number, and then exit
.UNINDENT
.INDENT 0.0
.TP
.B \-h, \-\-help
Show the help message and exit
.UNINDENT
.INDENT 0.0
.TP
.B \-c CONFIG_DIR, \-\-config\-dir=CONFIG_DIR
The location of the Salt configuration directory. This directory contains
the configuration files for Salt master and minions. The default location
on most systems is \fB/etc/salt\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.B \-u USER, \-\-user=USER
Specify user to run salt\-key
.UNINDENT
.INDENT 0.0
.TP
.B \-\-hard\-crash
Raise any original exception rather than exiting gracefully. Default is
False.
.UNINDENT
.INDENT 0.0
.TP
.B \-q, \-\-quiet
Suppress output
.UNINDENT
.INDENT 0.0
.TP
.B \-y, \-\-yes
Answer \(aqYes\(aq to all questions presented. Defaults to False.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-rotate\-aes\-key=ROTATE_AES_KEY
Setting this to False prevents the master from refreshing the key session
when keys are deleted or rejected; this lowers the security of the key
deletion/rejection operation. Default is True.
.UNINDENT
.SS Logging Options
.sp
Logging options which override any settings defined in the configuration files.
.INDENT 0.0
.TP
.B \-\-log\-file=LOG_FILE
Log file path. Default: /var/log/salt/minion\&.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-log\-file\-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
\fBdebug\fP, \fBinfo\fP, \fBwarning\fP, \fBerror\fP, \fBquiet\fP\&. Default:
\fBwarning\fP\&.
.UNINDENT
.SS Output Options
.INDENT 0.0
.TP
.B \-\-out
Pass in an alternative outputter to display the return of data. This
outputter can be any of the available outputters:
.INDENT 7.0
.INDENT 3.5
\fBhighstate\fP, \fBjson\fP, \fBkey\fP, \fBoverstatestage\fP, \fBpprint\fP, \fBraw\fP, \fBtxt\fP, \fByaml\fP, and many others\&.
.UNINDENT
.UNINDENT
.sp
Some outputters are formatted only for data returned from specific functions.
If an outputter is used that does not support the data passed into it, then
Salt will fall back on the \fBpprint\fP outputter and display the return data
using the Python \fBpprint\fP standard library module.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-out\-indent OUTPUT_INDENT, \-\-output\-indent OUTPUT_INDENT
Print the output indented by the provided value in spaces. Negative values
disable indentation. Only applicable in outputters that support
indentation.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-out\-file=OUTPUT_FILE, \-\-output\-file=OUTPUT_FILE
Write the output to the specified file.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-out\-file\-append, \-\-output\-file\-append
Append the output to the specified file.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-no\-color
Disable all colored output
.UNINDENT
.INDENT 0.0
.TP
.B \-\-force\-color
Force colored output
.sp
\fBNOTE:\fP
.INDENT 7.0
.INDENT 3.5
When using colored output the color codes are as follows:
.sp
\fBgreen\fP denotes success, \fBred\fP denotes failure, \fBblue\fP denotes
changes and success and \fByellow\fP denotes an expected future change in configuration.
.UNINDENT
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
.B \-\-state\-output=STATE_OUTPUT, \-\-state_output=STATE_OUTPUT
Override the configured state_output value for minion
output. One of \(aqfull\(aq, \(aqterse\(aq, \(aqmixed\(aq, \(aqchanges\(aq or
\(aqfilter\(aq. Default: \(aqnone\(aq.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-state\-verbose=STATE_VERBOSE, \-\-state_verbose=STATE_VERBOSE
Override the configured state_verbose value for minion
output. Set to True or False. Default: none.
.UNINDENT
.SS Actions
.INDENT 0.0
.TP
.B \-l ARG, \-\-list=ARG
List the public keys. The args \fBpre\fP, \fBun\fP, and \fBunaccepted\fP will
list unaccepted/unsigned keys. \fBacc\fP or \fBaccepted\fP will list
accepted/signed keys. \fBrej\fP or \fBrejected\fP will list rejected keys.
Finally, \fBall\fP will list all keys.
.UNINDENT
.INDENT 0.0
.TP
.B \-L, \-\-list\-all
List all public keys. (Deprecated: use \fB\-\-list all\fP)
.UNINDENT
.INDENT 0.0
.TP
.B \-a ACCEPT, \-\-accept=ACCEPT
Accept the specified public key (use \-\-include\-all to match rejected keys
in addition to pending keys). Globs are supported.
.UNINDENT
.INDENT 0.0
.TP
.B \-A, \-\-accept\-all
Accepts all pending keys.
.UNINDENT
.INDENT 0.0
.TP
.B \-r REJECT, \-\-reject=REJECT
Reject the specified public key (use \-\-include\-all to match accepted keys
in addition to pending keys). Globs are supported.
.UNINDENT
.INDENT 0.0
.TP
.B \-R, \-\-reject\-all
Rejects all pending keys.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-include\-all
Include non\-pending keys when accepting/rejecting.
.UNINDENT
.INDENT 0.0
.TP
.B \-p PRINT, \-\-print=PRINT
Print the specified public key.
.UNINDENT
.INDENT 0.0
.TP
.B \-P, \-\-print\-all
Print all public keys
.UNINDENT
.INDENT 0.0
.TP
.B \-d DELETE, \-\-delete=DELETE
Delete the specified key. Globs are supported.
.UNINDENT
.INDENT 0.0
.TP
.B \-D, \-\-delete\-all
Delete all keys.
.UNINDENT
.INDENT 0.0
.TP
.B \-f FINGER, \-\-finger=FINGER
Print the specified key\(aqs fingerprint.
.UNINDENT
.INDENT 0.0
.TP
.B \-F, \-\-finger\-all
Print all keys\(aq fingerprints.
.UNINDENT
.SS Key Generation Options
.INDENT 0.0
.TP
.B \-\-gen\-keys=GEN_KEYS
Set a name to generate a keypair for use with salt
.UNINDENT
.INDENT 0.0
.TP
.B \-\-gen\-keys\-dir=GEN_KEYS_DIR
Set the directory to save the generated keypair. Only works
with \(aqgen_keys_dir\(aq option; default is the current directory.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-keysize=KEYSIZE
Set the keysize for the generated key. Only works with
the \(aq\-\-gen\-keys\(aq option. The key size must be 2048 or
higher; otherwise it will be rounded up to 2048. The
default is 2048.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-gen\-signature
Create a signature file of the master\(aqs public\-key named
master_pubkey_signature. The signature can be sent to a minion in the
master\(aqs auth\-reply and enables the minion to verify the master\(aqs public\-key
cryptographically. This requires a new signing\-key\-pair which can be
auto\-created with the \-\-auto\-create parameter.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-priv=PRIV
The private\-key file to create a signature with
.UNINDENT
.INDENT 0.0
.TP
.B \-\-signature\-path=SIGNATURE_PATH
The path where the signature file should be written
.UNINDENT
.INDENT 0.0
.TP
.B \-\-pub=PUB
The public\-key file to create a signature for
.UNINDENT
.INDENT 0.0
.TP
.B \-\-auto\-create
Auto\-create a signing key\-pair if it does not yet exist
.UNINDENT
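.SH EXAMPLES
.sp
Added example, not part of the original Salt documentation or code base: a
Python helper that compares the fingerprints of unaccepted keys, as printed by
\fBsalt\-key \-\-finger\-all \-\-out json\fP, with fingerprints recorded out of
band, and builds one explicit \fB\-\-accept\fP command per verified minion.
The JSON layout (\fBminions_pre\fP, \fBminions_denied\fP), the sample
fingerprints, the inventory and the function names are assumptions constructed
for illustration.
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
```python
import json

# Constructed sample of `salt-key --finger-all --out json` output. The
# top-level names (minions, minions_pre, minions_denied) are an assumption
# about the json outputter's layout; fingerprints are shortened placeholders.
SAMPLE_FINGER_JSON = """
{
  "minions": {"web01": "c1:0f:9a:3e"},
  "minions_pre": {"web02": "7b:22:e4:90", "db01": "de:ad:be:ef",
                  "web*": "00:11:22:33", "cache01": "55:66:77:88"},
  "minions_denied": {"web01": "99:88:77:66"}
}
"""
# Constructed inventory: fingerprints recorded on each minion out of band.
EXPECTED = {"web02": "7B:22:E4:90", "db01": "4a:5b:6c:7d", "web*": "00:11:22:33"}
GLOB_CHARS = set("*?[]")


def triage_keys(finger_json, expected):
    """Sort key IDs by what the operator should do with them."""
    data = json.loads(finger_json)
    result = {"accept": [], "mismatch": [], "unknown": [], "denied": []}
    for minion_id, fp in sorted(data.get("minions_pre", {}).items()):
        want = expected.get(minion_id)
        if want is None or GLOB_CHARS & set(minion_id):
            # Not inventoried, or the ID would be expanded as a glob by --accept.
            result["unknown"].append(minion_id)
        elif fp.strip().lower() == want.strip().lower():
            result["accept"].append(minion_id)
        else:
            result["mismatch"].append(minion_id)
    # Denied keys: delete the stale key (-d) before making a new decision.
    result["denied"] = sorted(data.get("minions_denied", {}))
    return result


def accept_commands(minion_ids):
    """One explicit salt-key call per verified ID, instead of --accept-all."""
    return [["salt-key", "--accept=" + m, "--yes"] for m in minion_ids]


if __name__ == "__main__":
    report = triage_keys(SAMPLE_FINGER_JSON, EXPECTED)
    print(json.dumps(report, indent=2))
    for argv in accept_commands(report["accept"]):
        print(" ".join(argv))
```
.ft P
.fi
.UNINDENT
.UNINDENT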
.SH SEE ALSO
.sp
\fBsalt(7)\fP
\fBsalt\-master(1)\fP
\fBsalt\-minion(1)\fP
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.\" Generated by docutils manpage writer.
.