.\" Man page generated from reStructuredText.
.
.TH "SALT-KEY" "1" "Apr 25, 2019" "2019.2.0-301-g6c02054" "Salt"
.SH NAME
salt-key \- salt-key Documentation
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH SYNOPSIS
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
salt\-key [ options ]
.ft P
.fi
.UNINDENT
.UNINDENT
.SH DESCRIPTION
.sp
Salt\-key executes simple management of Salt server public keys used for
authentication.
.sp
On initial connection, a Salt minion sends its public key to the Salt
master. This key must be accepted using the \fBsalt\-key\fP command on the
Salt master.
.sp
Salt minion keys can be in one of the following states:
.INDENT 0.0
.IP \(bu 2
\fBunaccepted\fP: key is waiting to be accepted.
.IP \(bu 2
\fBaccepted\fP: key was accepted and the minion can communicate with the Salt
master.
.IP \(bu 2
\fBrejected\fP: key was rejected using the \fBsalt\-key\fP command. In
this state the minion does not receive any communication from the Salt
master.
.IP \(bu 2
\fBdenied\fP: key was rejected automatically by the Salt master.
This occurs when a minion has a duplicate ID, or when a minion was rebuilt or
had new keys generated and the previous key was not deleted from the Salt
master. In this state the minion does not receive any communication from the
Salt master.
.UNINDENT
.sp
To change the state of a minion key, use \fB\-d\fP to delete the key and then
accept or reject the key.
.SH OPTIONS
.INDENT 0.0
.TP
.B \-\-version
Print the version of Salt that is running.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-versions\-report
Show program\(aqs dependencies and version number, and then exit
.UNINDENT
.INDENT 0.0
.TP
.B \-h, \-\-help
Show the help message and exit
.UNINDENT
.INDENT 0.0
.TP
.B \-c CONFIG_DIR, \-\-config\-dir=CONFIG_DIR
The location of the Salt configuration directory. This directory contains
the configuration files for Salt master and minions. The default location
on most systems is \fB/etc/salt\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.B \-u USER, \-\-user=USER
Specify user to run salt\-key
.UNINDENT
.INDENT 0.0
.TP
.B \-\-hard\-crash
Raise any original exception rather than exiting gracefully. Default is
False.
.UNINDENT
.INDENT 0.0
.TP
.B \-q, \-\-quiet
Suppress output
.UNINDENT
.INDENT 0.0
.TP
.B \-y, \-\-yes
Answer \(aqYes\(aq to all questions presented, defaults to False
.UNINDENT
.INDENT 0.0
.TP
.B \-\-rotate\-aes\-key=ROTATE_AES_KEY
Setting this to False prevents the master from refreshing the key session
when keys are deleted or rejected. This lowers the security of the key
deletion/rejection operation. Default is True.
.UNINDENT
.SS Logging Options
.sp
Logging options which override any settings defined in the configuration files.
.INDENT 0.0
.TP
.B \-\-log\-file=LOG_FILE
Log file path. Default: /var/log/salt/minion\&.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-log\-file\-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
\fBdebug\fP, \fBinfo\fP, \fBwarning\fP, \fBerror\fP, \fBquiet\fP\&. Default:
\fBwarning\fP\&.
.UNINDENT
.SS Output Options
.INDENT 0.0
.TP
.B \-\-out
Pass in an alternative outputter to display the return of data. This
outputter can be any of the available outputters:
.INDENT 7.0
.INDENT 3.5
\fBhighstate\fP, \fBjson\fP, \fBkey\fP, \fBoverstatestage\fP, \fBpprint\fP, \fBraw\fP, \fBtxt\fP, \fByaml\fP, and many others\&.
.UNINDENT
.UNINDENT
.sp
Some outputters are formatted only for data returned from specific functions.
If an outputter is used that does not support the data passed into it, then
Salt will fall back on the \fBpprint\fP outputter and display the return data
using the Python \fBpprint\fP standard library module.
.sp
\fBNOTE:\fP
.INDENT 7.0
.INDENT 3.5
If using \fB\-\-out=json\fP, you will probably want \fB\-\-static\fP as well.
Without the static option, you will get a separate JSON string per minion
which makes JSON output invalid as a whole.
This is due to using an iterative outputter. So if you want to feed it
to a JSON parser, use \fB\-\-static\fP as well.
.UNINDENT
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
.B \-\-out\-indent OUTPUT_INDENT, \-\-output\-indent OUTPUT_INDENT
Print the output indented by the provided value in spaces. Negative values
disable indentation. Only applicable in outputters that support
indentation.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-out\-file=OUTPUT_FILE, \-\-output\-file=OUTPUT_FILE
Write the output to the specified file.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-out\-file\-append, \-\-output\-file\-append
Append the output to the specified file.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-no\-color
Disable all colored output
.UNINDENT
.INDENT 0.0
.TP
.B \-\-force\-color
Force colored output
.sp
\fBNOTE:\fP
.INDENT 7.0
.INDENT 3.5
When using colored output the color codes are as follows:
.sp
\fBgreen\fP denotes success, \fBred\fP denotes failure, \fBblue\fP denotes
changes and success and \fByellow\fP denotes an expected future change in configuration.
.UNINDENT
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
.B \-\-state\-output=STATE_OUTPUT, \-\-state_output=STATE_OUTPUT
Override the configured state_output value for minion
output. One of \(aqfull\(aq, \(aqterse\(aq, \(aqmixed\(aq, \(aqchanges\(aq or
\(aqfilter\(aq. Default: \(aqnone\(aq.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-state\-verbose=STATE_VERBOSE, \-\-state_verbose=STATE_VERBOSE
Override the configured state_verbose value for minion
output. Set to True or False. Default: none.
.UNINDENT
.SS Actions
.INDENT 0.0
.TP
.B \-l ARG, \-\-list=ARG
List the public keys. The args \fBpre\fP, \fBun\fP, and \fBunaccepted\fP will
list unaccepted/unsigned keys. \fBacc\fP or \fBaccepted\fP will list
accepted/signed keys. \fBrej\fP or \fBrejected\fP will list rejected keys.
Finally, \fBall\fP will list all keys.
.UNINDENT
.INDENT 0.0
.TP
.B \-L, \-\-list\-all
List all public keys. (Deprecated: use \fB\-\-list all\fP)
.UNINDENT
.INDENT 0.0
.TP
.B \-a ACCEPT, \-\-accept=ACCEPT
Accept the specified public key (use \-\-include\-all to match rejected keys
in addition to pending keys). Globs are supported.
.UNINDENT
.INDENT 0.0
.TP
.B \-A, \-\-accept\-all
Accepts all pending keys.
.UNINDENT
.INDENT 0.0
.TP
.B \-r REJECT, \-\-reject=REJECT
Reject the specified public key (use \-\-include\-all to match accepted keys
in addition to pending keys). Globs are supported.
.UNINDENT
.INDENT 0.0
.TP
.B \-R, \-\-reject\-all
Rejects all pending keys.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-include\-all
Include non\-pending keys when accepting/rejecting.
.UNINDENT
.INDENT 0.0
.TP
.B \-p PRINT, \-\-print=PRINT
Print the specified public key.
.UNINDENT
.INDENT 0.0
.TP
.B \-P, \-\-print\-all
Print all public keys
.UNINDENT
.INDENT 0.0
.TP
.B \-d DELETE, \-\-delete=DELETE
Delete the specified key. Globs are supported.
.UNINDENT
.INDENT 0.0
.TP
.B \-D, \-\-delete\-all
Delete all keys.
.UNINDENT
.INDENT 0.0
.TP
.B \-f FINGER, \-\-finger=FINGER
Print the specified key\(aqs fingerprint.
.UNINDENT
.INDENT 0.0
.TP
.B \-F, \-\-finger\-all
Print all keys\(aq fingerprints.
.UNINDENT
.SS Key Generation Options
.INDENT 0.0
.TP
.B \-\-gen\-keys=GEN_KEYS
Set a name to generate a keypair for use with salt
.UNINDENT
.INDENT 0.0
.TP
.B \-\-gen\-keys\-dir=GEN_KEYS_DIR
Set the directory to save the generated keypair. Only works
with \(aqgen_keys_dir\(aq option; default is the current directory.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-keysize=KEYSIZE
Set the key size for the generated key. Only works with
the \(aq\-\-gen\-keys\(aq option. The key size must be 2048 or
higher; otherwise it will be rounded up to 2048. The
default is 2048.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-gen\-signature
Create a signature file of the master\(aqs public\-key named
master_pubkey_signature. The signature can be sent to a minion in the
master\(aqs auth\-reply and enables the minion to verify the master\(aqs public\-key
cryptographically. This requires a new signing\-key\-pair which can be
auto\-created with the \-\-auto\-create parameter.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-priv=PRIV
The private\-key file to create a signature with
.UNINDENT
.INDENT 0.0
.TP
.B \-\-signature\-path=SIGNATURE_PATH
The path where the signature file should be written
.UNINDENT
.INDENT 0.0
.TP
.B \-\-pub=PUB
The public\-key file to create a signature for
.UNINDENT
.INDENT 0.0
.TP
.B \-\-auto\-create
Auto\-create a signing key\-pair if it does not yet exist
.UNINDENT
.SH SEE ALSO
.sp
\fBsalt(7)\fP
\fBsalt\-master(1)\fP
\fBsalt\-minion(1)\fP
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.\" Generated by docutils manpage writer.
.
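
The key states listed under DESCRIPTION can be audited on the master from the JSON output of `salt-key --list all --out=json`. The following is an added example, not part of the Salt man page or the Salt code base. It assumes the JSON top-level names `minions`, `minions_pre`, `minions_rejected` and `minions_denied`, which are not given on this page; the sample data and the inventory set are constructed.

```python
import json

# Constructed sample of `salt-key --list all --out=json` output (not from the page).
# Assumption: these four top-level names map to the states in DESCRIPTION.
SAMPLE = '''{
  "minions": ["web01", "db01", "build-tmp"],
  "minions_pre": ["web02", "unknown-host"],
  "minions_rejected": ["old-laptop"],
  "minions_denied": ["web01"]
}'''

# Hypothetical inventory of minion IDs that are expected to exist.
EXPECTED = {"web01", "web02", "db01"}

STATE_KEYS = {
    "minions": "accepted",
    "minions_pre": "unaccepted",
    "minions_rejected": "rejected",
    "minions_denied": "denied",
}


def audit_keys(raw_json, expected):
    """Return sorted (minion_id, finding) tuples for keys that need review."""
    data = json.loads(raw_json)
    by_state = {state: set(data.get(key, [])) for key, state in STATE_KEYS.items()}
    findings = []
    # An accepted key lets the minion communicate with the master,
    # so an accepted ID that nobody expects is the first thing to review.
    for mid in by_state["accepted"] - expected:
        findings.append((mid, "accepted but not in inventory"))
    # Pending keys: accept only expected IDs, after checking the fingerprint (-f).
    for mid in by_state["unaccepted"]:
        if mid in expected:
            findings.append((mid, "pending, in inventory: verify fingerprint, then accept"))
        else:
            findings.append((mid, "pending, not in inventory: do not accept"))
    # Denied: duplicate ID, or regenerated keys while the old key was not deleted.
    for mid in by_state["denied"]:
        detail = ("conflicts with an accepted key" if mid in by_state["accepted"]
                  else "no accepted key with this ID")
        findings.append((mid, "denied: " + detail))
    return sorted(findings)


if __name__ == "__main__":
    for minion_id, finding in audit_keys(SAMPLE, EXPECTED):
        print(f"{minion_id}: {finding}")
```

Rejected keys are not reported because they were already handled by an operator with `salt-key -r`.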