ykman

List YubiKeys

$ ykman list

$ ykman info

$ ykman oath accounts list

$ ykman oath accounts code [account_name]

$ ykman oath accounts add -t [name] [secret]

$ ykman fido reset

$ ykman fido access change-pin

$ ykman piv certificates list

ykman [options] command [subcommand] [args]

ykman (YubiKey Manager) is the official CLI from Yubico for managing all aspects of YubiKey hardware security tokens. It provides a unified interface to configure and interact with the various applications available on the device.
The oath subcommand manages TOTP and HOTP accounts, storing two-factor authentication secrets on the hardware and generating one-time codes. The fido subcommand handles FIDO2/WebAuthn credentials for passwordless authentication, including PIN management and resident key storage. The piv subcommand manages X.509 certificates for smart card operations, and openpgp configures PGP keys for signing, encryption, and SSH authentication.
The config subcommand controls device-level settings such as enabling or disabling USB and NFC interfaces for specific applications. The info and list commands display device details including serial number, firmware version, and available applications. The -d flag selects a specific device when multiple YubiKeys are connected.

list

List devices.

Device info.

OATH commands.

FIDO commands.

PIV commands.

OpenPGP commands.

Configuration.

Device serial.

Requires YubiKey. Some operations are destructive. Backup before reset.

ykman (YubiKey Manager) is the official CLI from Yubico. It replaces older tools with unified management.

gpg(1), ssh-keygen(1)