salt-key
-c
CONFIG_DIR
,
--config-dir
=CONFIG_dir
The location of the Salt configuration directory. This directory contains
the configuration files for Salt master and minions. The default location
on most systems is /etc/salt
.
--rotate-aes-key
=ROTATE_AES_KEY
Setting this to False prevents the master from refreshing the key session when keys are deleted or rejected, this lowers the security of the key deletion/rejection operation. Default is True.
--out
Pass in an alternative outputter to display the return of data. This outputter can be any of the available outputters:
grains
,highstate
,json
,key
,overstatestage
,pprint
,raw
,txt
,yaml
Some outputters are formatted only for data returned from specific
functions; for instance, the grains
outputter will not work for non-grains
data.
If an outputter is used that does not support the data passed into it, then
Salt will fall back on the pprint
outputter and display the return data
using the Python pprint
standard library module.
Note
If using --out=json
, you will probably want --static
as well.
Without the static option, you will get a JSON string for each minion.
This is due to using an iterative outputter. So if you want to feed it
to a JSON parser, use --static
as well.
-l
ARG
,
--list
=ARG
List the public keys. The args pre
, un
, and unaccepted
will
list unaccepted/unsigned keys. acc
or accepted
will list
accepted/signed keys. rej
or rejected
will list rejected keys.
Finally, all
will list all keys.
-a
ACCEPT
,
--accept
=ACCEPT
Accept the specified public key (use --include-all to match rejected keys in addition to pending keys). Globs are supported.
--gen-keys-dir
=GEN_KEYS_DIR
Set the directory to save the generated keypair. Only works with 'gen_keys_dir' option; default is the current directory.
--keysize
=KEYSIZE
Set the keysize for the generated key, only works with the '--gen-keys' option, the key size must be 2048 or higher, otherwise it will be rounded up to 2048. The default is 2048.
--gen-signature
Create a signature file of the masters public-key named master_pubkey_signature. The signature can be send to a minion in the masters auth-reply and enables the minion to verify the masters public-key cryptographically. This requires a new signing-key- pair which can be auto-created with the --auto-create parameter.