Linux command

salt-key command

Common examples

List all keys

salt-key -L

Accept a specific minion key

salt-key -a [minion_id]

Accept all pending keys

salt-key -A

Reject a specific minion key

salt-key -r [minion_id]

Delete a specific minion key

salt-key -d [minion_id]

Print the fingerprint of a specific minion key

salt-key -f [minion_id]

Print fingerprints of all keys

salt-key -F

Description

salt-key manages Salt minion public keys on a Salt master server. In SaltStack's architecture, minions use public-key cryptography to authenticate with the master. When a minion first connects, it sends its public key to the master, and that key must be explicitly accepted on the master before communication can occur. Keys exist in three states: unaccepted (pending), accepted, or rejected. The salt-key command lets administrators list, accept, reject, and delete keys. Comparing a key's fingerprint lets an administrator confirm a minion's identity before accepting its key.
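
The fingerprint check described above, as an added example (not part of the original page or of Salt itself): it accepts a pending key only when the fingerprint reported by `salt-key -f` matches one obtained out of band, for instance by running `salt-call --local key.finger` on the minion. The `SALT_KEY` variable, the function names and the sample output are assumptions constructed for illustration, and the parser assumes the `Unaccepted Keys:` section header that `salt-key -f` prints.

```shell
#!/bin/sh
# Added example: accept a pending minion key only if its fingerprint matches
# a value obtained out of band. SALT_KEY and the function names are assumptions.
SALT_KEY="${SALT_KEY:-salt-key}"

# Constructed sample of `salt-key -f` output (not taken from a real master).
SAMPLE_OUTPUT='Accepted Keys:
db01:  11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00
Unaccepted Keys:
web01:  39:f9:e4:8a:aa:74:8d:52:1a:ec:92:03:82:09:c8:f9'

# Read fingerprint output on stdin; print minion $1's fingerprint in lower
# case, but only if the key is listed under "Unaccepted Keys:".
pending_fingerprint() {
    awk -v id="$1" '
        /^[A-Z][a-z]+ Keys:$/ { pending = ($0 == "Unaccepted Keys:"); next }
        pending && $1 == (id ":") { print tolower($2); exit }
    '
}

# Accept minion $1 only when its pending fingerprint equals $2.
# Returns 0 on accept, 1 on mismatch, 2 when no pending key exists.
verify_and_accept() {
    id=$1
    expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    actual=$("$SALT_KEY" -f "$id" | pending_fingerprint "$id")
    if [ -z "$actual" ]; then
        echo "no pending key for $id" >&2
        return 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $id, leaving key pending" >&2
        return 1
    fi
    "$SALT_KEY" -y -a "$id"
}

# Offline demo: parse the constructed sample without contacting a master.
printf '%s\n' "$SAMPLE_OUTPUT" | pending_fingerprint web01
```

On a master, source the file and call `verify_and_accept MINION_ID EXPECTED_FINGERPRINT`; a mismatch leaves the key pending so it can be inspected or rejected with `salt-key -r`.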

Options

-L, --list-all
List all accepted, pending, and rejected minion keys
-l _ARG_, --list=_ARG_
List keys: pre/un/unaccepted, acc/accepted, rej/rejected, or all
-a _KEY_ID_, --accept=_KEY_ID_
Accept the specified minion key
-A, --accept-all
Accept all pending minion keys
-r _KEY_ID_, --reject=_KEY_ID_
Reject the specified minion key
-R, --reject-all
Reject all pending minion keys
-d _KEY_ID_, --delete=_KEY_ID_
Delete the specified minion key
-D, --delete-all
Delete all keys
-f _KEY_ID_, --finger=_KEY_ID_
Print the fingerprint of the specified key
-F, --finger-all
Print fingerprints of all keys
-y, --yes
Answer yes to all questions (use with caution)
-c _DIR_, --config-dir=_DIR_
Specify Salt configuration directory (default: /etc/salt)
--gen-keys=_NAME_
Generate a keypair with the specified name
--gen-keys-dir=_DIR_
Directory to save generated keypair
--keysize=_SIZE_
Key size for generated keys (minimum 2048)

FAQ

How do I run a basic salt-key example?

Run `salt-key -L` in a terminal on the Salt master to list all keys, then adjust the flags or minion IDs for your system.
