salt-key --help

  • # salt-key --help
    Usage: salt-key [options]
    salt-key is used to manage Salt authentication keys
      --version             show program's version number and exit
      -V, --versions-report
                            Show program's dependencies version number and exit.
      -h, --help            show this help message and exit
      --saltfile=SALTFILE   Specify the path to a Saltfile. If not passed, one
                            will be searched for in the current working directory.
      -c CONFIG_DIR, --config-dir=CONFIG_DIR
                            Pass in an alternative configuration directory.
                            Default: '/etc/salt'.
      -u USER, --user=USER  Specify user to run salt-key.
      --hard-crash          Raise any original exception rather than exiting
                            gracefully. Default: False.
      -q, --quiet           Suppress output.
      -y, --yes             Answer "Yes" to all questions presented. Default:
                            Setting this to False prevents the master from
                            refreshing the key session when keys are deleted or
                            rejected, this lowers the security of the key
                            deletion/rejection operation. Default: True.
                            Setting this to True prevents the master from deleting
                            the minion cache when keys are deleted, this may have
                            security implications if compromised minions auth with
                            a previous deleted minion ID. Default: False.
      Logging Options:
        Logging options which override any settings defined on the
        configuration files.
                            Log file path. Default: '/var/log/salt/key'.
                            Logfile logging log level. One of 'all', 'garbage',
                            'trace', 'debug', 'profile', 'info', 'warning',
                            'error', 'critical', 'quiet'. Default: 'warning'.
      External Authentication:
        --auth=EAUTH, --eauth=EAUTH, --external-auth=EAUTH
                            Specify an external authentication system to use.
        -T, --make-token    Generate and save an authentication token for re-use.
                            The token is generated and made available for the
                            period defined in the Salt Master.
                            Username for external authentication.
                            Password for external authentication.
      Output Options:
        Configure your preferred output format.
        --out=OUTPUT, --output=OUTPUT
                            Print the output from the 'salt-key' command using the
                            specified outputter.
        --out-indent=OUTPUT_INDENT, --output-indent=OUTPUT_INDENT
                            Print the output indented by the provided value in
                            spaces. Negative values disables indentation. Only
                            applicable in outputters that support indentation.
        --out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
                            Write the output to the specified file.
        --out-file-append, --output-file-append
                            Append the output to the specified file.
        --no-color, --no-colour
                            Disable all colored output.
        --force-color, --force-colour
                            Force colored output.
        --state-output=STATE_OUTPUT, --state_output=STATE_OUTPUT
                            Override the configured state_output value for minion
                            output. One of 'full', 'terse', 'mixed', 'changes' or
                            'filter'. Default: 'none'.
        --state-verbose=STATE_VERBOSE, --state_verbose=STATE_VERBOSE
                            Override the configured state_verbose value for minion
                            output. Set to True or False. Default: none.
        -l ARG, --list=ARG  List the public keys. The args 'pre', 'un', and
                            'unaccepted' will list unaccepted/unsigned keys. 'acc'
                            or 'accepted' will list accepted/signed keys. 'rej' or
                            'rejected' will list rejected keys. 'den' or 'denied'
                            will list denied keys. Finally, 'all' will list all
        -L, --list-all      List all public keys. Deprecated: use "--list all".
        -a ACCEPT, --accept=ACCEPT
                            Accept the specified public key (use --include-
                            rejected and --include-denied to match rejected and
                            denied keys in addition to pending keys). Globs are
        -A, --accept-all    Accept all pending keys.
        -r REJECT, --reject=REJECT
                            Reject the specified public key. Use --include-
                            accepted and --include-denied to match accepted and
                            denied keys in addition to pending keys. Globs are
        -R, --reject-all    Reject all pending keys.
        --include-all       Include rejected/accepted keys when
                            accepting/rejecting. Deprecated: use "--include-
                            rejected" and "--include-accepted".
        --include-accepted  Include accepted keys when rejecting.
        --include-rejected  Include rejected keys when accepting.
        --include-denied    Include denied keys when accepting/rejecting.
        -p PRINT, --print=PRINT
                            Print the specified public key.
        -P, --print-all     Print all public keys.
        -d DELETE, --delete=DELETE
                            Delete the specified key. Globs are supported.
        -D, --delete-all    Delete all keys.
        -f FINGER, --finger=FINGER
                            Print the specified key's fingerprint.
        -F, --finger-all    Print all keys' fingerprints.
      Key Generation Options:
                            Set a name to generate a keypair for use with salt.
                            Set the directory to save the generated keypair, only
                            works with "gen_keys_dir" option. Default: '.'.
        --keysize=KEYSIZE   Set the keysize for the generated key, only works with
                            the "--gen-keys" option, the key size must be 2048 or
                            higher, otherwise it will be rounded up to 2048.
                            Default: 2048.
        --gen-signature     Create a signature file of the masters public-key
                            named master_pubkey_signature. The signature can be
                            send to a minion in the masters auth-reply and enables
                            the minion to verify the masters public-key
                            cryptographically. This requires a new signing-key-
                            pair which can be auto-created with the --auto-create
        --priv=PRIV         The private-key file to create a signature with.
                            The path where the signature file should be written.
        --pub=PUB           The public-key file to create a signature for.
        --auto-create       Auto-create a signing key-pair if it does not yet
    You can find additional help about salt-key issuing "man salt-key" or on


© Lightnetics 2020