SALT-KEY(1)                          Salt                          SALT-KEY(1)

NAME

       salt-key - salt-key Documentation

SYNOPSIS

       salt-key [ options ]

DESCRIPTION

       Salt-key executes simple management of Salt server public keys used for
       authentication.

       On initial connection, a Salt minion sends its public key to the Salt
       master. This key must be accepted using the salt-key command on the
       Salt master.

       Salt minion keys can be in one of the following states:

       • unaccepted: key is waiting to be accepted.

       • accepted: key was accepted and the minion can communicate with the
         Salt master.

       • rejected: key was rejected using the salt-key command. In this state
         the minion does not receive any communication from the Salt master.

       • denied: key was rejected automatically by the Salt master. This
         occurs when a minion has a duplicate ID, or when a minion was rebuilt
         or had new keys generated and the previous key was not deleted from
         the Salt master. In this state the minion does not receive any
         communication from the Salt master.

       To change the state of a minion key, use -d to delete the key and then
       accept or reject the key.

OPTIONS

       --version
              Print the version of Salt that is running.

       --versions-report
              Show program's dependencies and version number, and then exit.

       -h, --help
              Show the help message and exit.

       -c CONFIG_DIR, --config-dir=CONFIG_DIR
              The location of the Salt configuration directory. This directory
              contains the configuration files for Salt master and minions.
              The default location on most systems is /etc/salt.

       -u USER, --user=USER
              Specify user to run salt-key.

       --hard-crash
              Raise any original exception rather than exiting gracefully.
              Default is False.

       -q, --quiet
              Suppress output.

       -y, --yes
              Answer 'Yes' to all questions presented. Defaults to False.

       --rotate-aes-key=ROTATE_AES_KEY
              Setting this to False prevents the master from refreshing the
              key session when keys are deleted or rejected; this lowers the
              security of the key deletion/rejection operation. Default is
              True.

   Logging Options
       Logging options which override any settings defined in the
       configuration files.

       --log-file=LOG_FILE
              Log file path. Default: /var/log/salt/minion.

       --log-file-level=LOG_LEVEL_LOGFILE
              Logfile logging log level. One of all, garbage, trace, debug,
              info, warning, error, quiet. Default: warning.

   Output Options
       --out  Pass in an alternative outputter to display the return of data.
              This outputter can be any of the available outputters:
                 highstate, json, key, overstatestage, pprint, raw, txt, yaml,
                 and many others.

              Some outputters are formatted only for data returned from
              specific functions. If an outputter is used that does not
              support the data passed into it, then Salt will fall back on the
              pprint outputter and display the return data using the Python
              pprint standard library module.

       --out-indent OUTPUT_INDENT, --output-indent OUTPUT_INDENT
              Print the output indented by the provided value in spaces.
              Negative values disable indentation. Only applicable in
              outputters that support indentation.

       --out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
              Write the output to the specified file.

       --out-file-append, --output-file-append
              Append the output to the specified file.

       --no-color
              Disable all colored output.

       --force-color
              Force colored output.

              NOTE:
                 When using colored output the color codes are as follows:

                 green denotes success, red denotes failure, blue denotes
                 changes and success and yellow denotes an expected future
                 change in configuration.

       --state-output=STATE_OUTPUT, --state_output=STATE_OUTPUT
              Override the configured state_output value for minion output.
              One of 'full', 'terse', 'mixed', 'changes' or 'filter'. Default:
              'none'.

       --state-verbose=STATE_VERBOSE, --state_verbose=STATE_VERBOSE
              Override the configured state_verbose value for minion output.
              Set to True or False. Default: none.

   Actions
       -l ARG, --list=ARG
              List the public keys. The args pre, un, and unaccepted will list
              unaccepted/unsigned keys. acc or accepted will list
              accepted/signed keys. rej or rejected will list rejected keys.
              Finally, all will list all keys.

       -L, --list-all
              List all public keys. (Deprecated: use --list all)

       -a ACCEPT, --accept=ACCEPT
              Accept the specified public key (use --include-all to match
              rejected keys in addition to pending keys). Globs are supported.

       -A, --accept-all
              Accepts all pending keys.

       -r REJECT, --reject=REJECT
              Reject the specified public key (use --include-all to match
              accepted keys in addition to pending keys). Globs are supported.

       -R, --reject-all
              Rejects all pending keys.

       --include-all
              Include non-pending keys when accepting/rejecting.

       -p PRINT, --print=PRINT
              Print the specified public key.

       -P, --print-all
              Print all public keys.

       -d DELETE, --delete=DELETE
              Delete the specified key. Globs are supported.

       -D, --delete-all
              Delete all keys.

       -f FINGER, --finger=FINGER
              Print the specified key's fingerprint.

       -F, --finger-all
              Print all keys' fingerprints.

   Key Generation Options
       --gen-keys=GEN_KEYS
              Set a name to generate a keypair for use with Salt.

       --gen-keys-dir=GEN_KEYS_DIR
              Set the directory to save the generated keypair. Only works
              with the '--gen-keys' option; default is the current directory.

       --keysize=KEYSIZE
              Set the keysize for the generated key. Only works with the
              '--gen-keys' option. The key size must be 2048 or higher;
              otherwise it will be rounded up to 2048. The default is 2048.

       --gen-signature
              Create a signature file of the master's public-key named
              master_pubkey_signature. The signature can be sent to a minion
              in the master's auth-reply and enables the minion to verify the
              master's public-key cryptographically. This requires a new
              signing-key-pair which can be auto-created with the
              --auto-create parameter.

       --priv=PRIV
              The private-key file to create a signature with.

       --signature-path=SIGNATURE_PATH
              The path where the signature file should be written.

       --pub=PUB
              The public-key file to create a signature for.

       --auto-create
              Auto-create a signing key-pair if it does not yet exist.
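
       An added example, not part of the Salt documentation: vetting
       unaccepted keys by fingerprint before --accept, in place of
       --accept-all, and flagging denied IDs for review. The JSON shape of
       `salt-key --finger-all --out json`, the sample IDs and fingerprints,
       and the helper names vet_pending and accept_commands are assumptions.

```python
import json
import shlex

# Constructed sample of `salt-key --finger-all --out json` output. The status
# names mirror the master's key directories; the exact JSON shape is an
# assumption, so check it against your Salt version.
SAMPLE_FINGER_ALL = json.dumps({
    "local": {"master.pub": "11:22:33:44"},
    "minions": {"db01": "aa:aa:aa:aa"},
    "minions_pre": {
        "web01": "de:ad:be:ef",
        "web02": "00:11:22:33",
        "web03": "ca:fe:ca:fe",
    },
    "minions_denied": {"db01": "ff:ff:ff:ff"},
})

# Constructed inventory: fingerprints read on each minion over a trusted
# channel (for example with `salt-call --local key.finger`).
EXPECTED = {"web01": "DE:AD:BE:EF", "web02": "99:99:99:99"}


def vet_pending(finger_json, expected):
    """Sort unaccepted and denied keys into accept / hold / investigate."""
    keys = json.loads(finger_json)
    accept, hold = [], []
    for minion_id, fp in sorted(keys.get("minions_pre", {}).items()):
        want = expected.get(minion_id)
        if want is None:
            hold.append((minion_id, "not in inventory"))
        elif want.lower() != fp.lower():
            hold.append((minion_id, "fingerprint mismatch"))
        else:
            accept.append(minion_id)
    # Denied: a different key arrived for an ID the master already holds.
    investigate = sorted(keys.get("minions_denied", {}))
    return accept, hold, investigate


def accept_commands(accept):
    """One exact-ID --accept per vetted minion, rather than --accept-all."""
    return ["salt-key -y -a " + shlex.quote(m) for m in accept]


if __name__ == "__main__":
    ok, held, denied = vet_pending(SAMPLE_FINGER_ALL, EXPECTED)
    print("\n".join(accept_commands(ok)))
    print("hold:", held)
    print("investigate:", denied)
```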

SEE ALSO

       salt(7) salt-master(1) salt-minion(1)

AUTHOR

       Thomas S. Hatch <thatch45@gmail.com> and many others, please see the
       Authors file

3004.2                           May 12, 2022                      SALT-KEY(1)