Table of Contents

The CFEngine key generator makes key pairs for remote authentication.


  • cf-key always considers the class keygenerator to be defined.

Command reference

  --help        , -h       - Print the help message
  --inform      , -I       - Print basic information about key generation
  --debug       , -d       - Enable debugging output
  --verbose     , -v       - Output verbose information about the behaviour of cf-key
  --version     , -V       - Output the version of the software
  --log-level   , -g value - Specify how detailed logs should be. Possible values: 'error', 'warning', 'notice', 'info', 'verbose', 'debug'
  --output-file , -f value - Specify an alternative output file than the default.
  --key-type    , -T value - Specify a RSA key size in bits, the default value is 2048.
  --show-hosts  , -s       - Show lastseen hostnames and IP addresses
  --no-truncate , -N       - Don't truncate -s / --show-hosts output
  --remove-keys , -r value - Remove keys for specified hostname/IP/MD5/SHA (cf-key -r SHA=12345, cf-key -r MD5=12345, cf-key -r host001, cf-key -r
  --force-removal, -x       - Force removal of keys
  --install-license, -l value - Install license file on Enterprise server (CFEngine Enterprise Only)
  --print-digest, -p value - Print digest of the specified public key
  --trust-key   , -t value - Make cf-serverd/cf-agent trust the specified public key. Argument value is of the form [[USER@]IPADDR:]FILENAME where FILENAME is the local path of the public key for client at IPADDR address.
  --color       , -C value - Enable colorized output. Possible values: 'always', 'auto', 'never'. If option is used, the default value is 'auto'
  --timestamp              - Log timestamps on each line of log output
  --numeric     , -n       - Do not lookup host names