1SALT-KEY(1) Salt SALT-KEY(1)
2
3
4
6 salt-key - salt-key Documentation
7
9 salt-key [ options ]
10
12 Salt-key executes simple management of Salt server public keys used for
13 authentication.
14
15 On initial connection, a Salt minion sends its public key to the Salt
16 master. This key must be accepted using the salt-key command on the
17 Salt master.
18
19 Salt minion keys can be in one of the following states:
20
21 · unaccepted: key is waiting to be accepted.
22
23 · accepted: key was accepted and the minion can communicate with the
24 Salt master.
25
26 · rejected: key was rejected using the salt-key command. In this state
27 the minion does not receive any communication from the Salt master.
28
29 · denied: key was rejected automatically by the Salt master. This
30 occurs when a minion has a duplicate ID, or when a minion was rebuilt
31 or had new keys generated and the previous key was not deleted from
32 the Salt master. In this state the minion does not receive any commu‐
33 nication from the Salt master.
34
35 To change the state of a minion key, use -d to delete the key and then
36 accept or reject the key.
37
39 --version
40 Print the version of Salt that is running.
41
42 --versions-report
43 Show program's dependencies and version number, and then exit
44
45 -h, --help
46 Show the help message and exit
47
48 -c CONFIG_DIR, --config-dir=CONFIG_dir
49 The location of the Salt configuration directory. This directory
50 contains the configuration files for Salt master and minions.
51 The default location on most systems is /etc/salt.
52
53 -u USER, --user=USER
54 Specify user to run salt-key
55
56 --hard-crash
57 Raise any original exception rather than exiting gracefully.
58 Default is False.
59
60 -q, --quiet
61 Suppress output
62
63 -y, --yes
64 Answer 'Yes' to all questions presented, defaults to False
65
66 --rotate-aes-key=ROTATE_AES_KEY
67 Setting this to False prevents the master from refreshing the
68 key session when keys are deleted or rejected, this lowers the
69 security of the key deletion/rejection operation. Default is
70 True.
71
72 Logging Options
73 Logging options which override any settings defined on the configura‐
74 tion files.
75
76 --log-file=LOG_FILE
77 Log file path. Default: /var/log/salt/minion.
78
79 --log-file-level=LOG_LEVEL_LOGFILE
80 Logfile logging log level. One of all, garbage, trace, debug,
81 info, warning, error, quiet. Default: warning.
82
83 Output Options
84 --out Pass in an alternative outputter to display the return of data.
85 This outputter can be any of the available outputters:
86 highstate, json, key, overstatestage, pprint, raw, txt, yaml,
87 and many others.
88
89 Some outputters are formatted only for data returned from spe‐
90 cific functions. If an outputter is used that does not support
91 the data passed into it, then Salt will fall back on the pprint
92 outputter and display the return data using the Python pprint
93 standard library module.
94
95 --out-indent OUTPUT_INDENT, --output-indent OUTPUT_INDENT
96 Print the output indented by the provided value in spaces. Nega‐
97 tive values disable indentation. Only applicable in outputters
98 that support indentation.
99
100 --out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
101 Write the output to the specified file.
102
103 --out-file-append, --output-file-append
104 Append the output to the specified file.
105
106 --no-color
107 Disable all colored output
108
109 --force-color
110 Force colored output
111
112 NOTE:
113 When using colored output the color codes are as follows:
114
115 green denotes success, red denotes failure, blue denotes
116 changes and success and yellow denotes a expected future
117 change in configuration.
118
119 --state-output=STATE_OUTPUT, --state_output=STATE_OUTPUT
120 Override the configured state_output value for minion output.
121 One of 'full', 'terse', 'mixed', 'changes' or 'filter'. Default:
122 'none'.
123
124 --state-verbose=STATE_VERBOSE, --state_verbose=STATE_VERBOSE
125 Override the configured state_verbose value for minion output.
126 Set to True or False. Default: none.
127
128 Actions
129 -l ARG, --list=ARG
130 List the public keys. The args pre, un, and unaccepted will list
131 unaccepted/unsigned keys. acc or accepted will list
132 accepted/signed keys. rej or rejected will list rejected keys.
133 Finally, all will list all keys.
134
135 -L, --list-all
136 List all public keys. (Deprecated: use --list all)
137
138 -a ACCEPT, --accept=ACCEPT
139 Accept the specified public key (use --include-all to match
140 rejected keys in addition to pending keys). Globs are supported.
141
142 -A, --accept-all
143 Accepts all pending keys.
144
145 -r REJECT, --reject=REJECT
146 Reject the specified public key (use --include-all to match
147 accepted keys in addition to pending keys). Globs are supported.
148
149 -R, --reject-all
150 Rejects all pending keys.
151
152 --include-all
153 Include non-pending keys when accepting/rejecting.
154
155 -p PRINT, --print=PRINT
156 Print the specified public key.
157
158 -P, --print-all
159 Print all public keys
160
161 -d DELETE, --delete=DELETE
162 Delete the specified key. Globs are supported.
163
164 -D, --delete-all
165 Delete all keys.
166
167 -f FINGER, --finger=FINGER
168 Print the specified key's fingerprint.
169
170 -F, --finger-all
171 Print all keys' fingerprints.
172
173 Key Generation Options
174 --gen-keys=GEN_KEYS
175 Set a name to generate a keypair for use with salt
176
177 --gen-keys-dir=GEN_KEYS_DIR
178 Set the directory to save the generated keypair. Only works
179 with 'gen_keys_dir' option; default is the current directory.
180
181 --keysize=KEYSIZE
182 Set the keysize for the generated key, only works with the
183 '--gen-keys' option, the key size must be 2048 or higher, other‐
184 wise it will be rounded up to 2048. The default is 2048.
185
186 --gen-signature
187 Create a signature file of the master's public-key named mas‐
188 ter_pubkey_signature. The signature can be sent to a minion in
189 the master's auth-reply and enables the minion to verify the
190 master's public-key cryptographically. This requires a new sign‐
191 ing-key-pair which can be auto-created with the --auto-create
192 parameter.
193
194 --priv=PRIV
195 The private-key file to create a signature with
196
197 --signature-path=SIGNATURE_PATH
198 The path where the signature file should be written
199
200 --pub=PUB
201 The public-key file to create a signature for
202
203 --auto-create
204 Auto-create a signing key-pair if it does not yet exist
205
207 salt(7) salt-master(1) salt-minion(1)
208
210 Thomas S. Hatch <thatch45@gmail.com> and many others, please see the
211 Authors file
212
213
214
215
2163000.2 Apr 14, 2020 SALT-KEY(1)