ykman

Manage and configure YubiKey devices

TLDR

Display general information about a YubiKey (serial number, firmware version, capabilities, etc.)

$ ykman info

List connected YubiKeys with short, one-line descriptions (including the serial number)

$ ykman list

View documentation for enabling and disabling applications

$ tldr ykman config

View documentation for managing the FIDO applications

$ tldr ykman fido

View documentation for managing the OATH application

$ tldr ykman oath

View documentation for managing the OpenPGP application

$ tldr ykman openpgp

--version
    Show the program's version number and exit.

-v, --verbose
    Enable verbose output.

-l, --log-level
    Set the log level (debug, info, warning, error, critical).

-q, --quiet
    Suppress output to stdout, useful when only interested in return codes.

-h, --help
    Show help message and exit.

otp
    Manage YubiKey OTP functionality.

oath
    Manage OATH credentials on the YubiKey.

piv
    Manage PIV applications on the YubiKey.

fido
    Manage FIDO applications on the YubiKey.

fido2
    Manage FIDO2 applications on the YubiKey.

serial
    Display the serial number of the YubiKey.

info
    Display information about the YubiKey.

device
    Manage settings of the YubiKey device.

gui
    Open the GUI of the YubiKey Manager

config
    View/Set the configuration of ykman

DESCRIPTION

The ykman command-line tool provides a comprehensive interface for managing and configuring YubiKeys. It allows users to perform various operations, including setting PINs, managing PIV applications, configuring OTP slots, updating firmware (when possible), and retrieving device information.

It is designed to be used in scripting and automation workflows, as well as for interactive use. ykman supports multiple authentication protocols, including Yubico OTP, OATH, FIDO2, and PIV, making it a versatile tool for managing YubiKey security features. The tool aims to be the official command-line tool for YubiKey Management, covering most of the functionality from the YubiKey Manager GUI.

CAVEATS

Some YubiKey features may require specific firmware versions. Always consult the official YubiKey documentation for the most up-to-date information.

EXAMPLES

Display YubiKey Information:
ykman info

Change the PIN for PIV application:
ykman piv change-pin

HISTORY

The ykman command-line tool evolved as a need arose for a robust and scriptable way to manage YubiKeys, complementing the YubiKey Manager GUI. It has been actively developed and maintained by Yubico to provide comprehensive control over YubiKey features from the command line, facilitating integration with automated workflows and systems.