Provided by: coturn_4.5.1.1-1.1build1_amd64 bug


       turnadmin is a TURN administration tool. This tool can be used to manage the user accounts
       (add/remove users, generate TURN keys for the users). For  security  reasons,  we  do  not
       recommend storing passwords openly. The better option is to use pre-processed "keys" which
       are then used for authentication. These keys are generated by turnadmin.  Turnadmin  is  a
       link to turnserver binary, but turnadmin performs different functions.

       Options  note:  turnadmin has long and short option names, for most options.  Some options
       have only long form, some options have only short form. Their syntax  somewhat  different,
       if an argument is required:

       The short form must be used as this (for example):

         $ turnadmin -u <username> ...

       The long form equivalent must use the "=" character:

         $ turnadmin --user=<username> ...

       If  this  is  a  flag  option  (no  argument  required) then their usage are the same, for

        $ turnadmin -k ...

       is equivalent to:

        $ turnadmin --key ...

       You have always the use the -r <realm> option with commands for long  term  credentials  -
       because data for multiple realms can be stored in the same database.


        turnadmin - a TURN relay administration tool.

       $ turnadmin [command] [options]

       $ turnadmin [ -h | --help]


       -P, --generate-encrypted-password
              Generate  and print to the standard output an encrypted form of a password (for web
              admin user or CLI).  The value then can be used as a  safe  key  for  the  password
              storage on disk or in the database. Every invocation for the same password produces
              a   different   result.   The   for   mat   of   the   encrypted    password    is:
              $5$<...salt...>$<...sha256(salt+password)...>.  Salt  is  16 characters, the sha256
              output is 64 characters. Character 5 is the algorithm id (sha256).  Only sha256  is
              supported as the hash function.

       -k, --key
              Generate key for a long-term credentials mechanism user.

       -a, --add
              Add or update a long-term user.

       -A, --add-admin
              Add or update an admin user.

       -d, --delete
              Delete a long-term user.

       -D, --delete-admin
              Delete an admin user.

       -l, --list
              List long-term users in the database.

       -L, --list-admin
              List admin users in the database.

       -s, --set-secret=<value> Add shared secret for TURN RESP API

       -S, --show-secret
              Show stored shared secrets for TURN REST API

       -X, --delete-secret=<value> Delete a shared secret.

                     Delete all shared secrets for REST API.

       -O, --add-origin
              Add origin-to-realm relation.

       -R, --del-origin
              Delete origin-to-realm relation.

       -I, --list-origins
              List origin-to-realm relations.

       -g, --set-realm-option
              Set realm params: max-bps, total-quota, user-quota.

       -G, --list-realm-options
              List realm params.

       -E, --generate-encrypted-password-aes
              Generate  and  print  to  the  standard  output  an encrypted form of password with

       Options with required values:

       -b, --db, --userdb
              SQLite    user    database    file    name    (default    -    /var/db/turndb    or
              /usr/local/var/db/turndb  or  /var/lib/turn/turndb).   See  the  same option in the
              turnserver section.

       -e, --psql-userdb
              PostgreSQL user database connection string.  See the --psql-userdb  option  in  the
              turnserver section.

       -M, --mysql-userdb
              MySQL  user  database  connection  string.   See  the  --mysql-userdb option in the
              turnserver section.

       -J, --mongo-userdb
              MongoDB user database connection string.   See  the  --mysql-mongo  option  in  the
              turnserver section.

       -N, --redis-userdb
              Redis  user  database  connection  string.   See  the  --redis-userdb option in the
              turnserver section.

       -u, --user
              User name.

       -r, --realm

       -p, --password

       -x, --key-path
              Generates a 128 bit key into the given path.

       -f, --file-key-path
              Contains a 128 bit key in the given path.

       -v, --verify
              Verify a given base64 encrypted type password.

       -o, --origin

              Set value of realm's max-bps parameter.

              Set value of realm's total-quota parameter.

              Set value of realm's user-quota parameter.

       -h, --help

       Command examples:

       Generate an encrypted form of a password:

       $ turnadmin -P -p <password>

       Generate a key:

       $ turnadmin -k -u <username> -r <realm> -p <password>

       Add/update a user in the in the database:

       $ turnadmin -a [-b <userdb-file> | -e <db-connection-string> | -M <db-connection-string> |
       -N <db-connection-string> ] -u <username> -r <realm> -p <password>

       Delete a user from the database:

       $ turnadmin -d [-b <userdb-file> | -e <db-connection-string> | -M <db-connection-string> |
       -N <db-connection-string> ] -u <username> -r <realm>

       List all long-term users in MySQL database:

       $ turnadmin -l --mysql-userdb="<db-connection-string>" -r <realm>

       List all admin users in Redis database:

       $ turnadmin -L --redis-userdb="<db-connection-string>"

       Set secret in MySQL database:

       $ turnadmin -s <secret> --mysql-userdb="<db-connection-string>" -r <realm>

       Show secret stored in PostgreSQL database:

       $ turnadmin -S --psql-userdb="<db-connection-string>" -r <realm>

       Set origin-to-realm relation in MySQL database:

       $ turnadmin --mysql-userdb="<db-connection-string>" -r <realm> -o <origin>

       Delete origin-to-realm relation from Redis DB:

       $ turnadmin --redis-userdb="<db-connection-string>" -o <origin>

       List all origin-to-realm relations in Redis DB:

       $ turnadmin --redis-userdb="<db-connection-string>" -I

       List the origin-to-realm relations in PostgreSQL DB for a single realm:

       $ turnadmin --psql-userdb="<db-connection-string>" -I -r <realm>

       Create new key file for mysql password encryption:

       $ turnadmin -E --key-path <key-file>

       Create encrypted mysql password:

       $ turnadmin -E --file-key-path <key-file> -p <secret>

       Verify/decrypt encrypted password:

       $ turnadmin --file-key-path <key-file> -v <encrypted>


              $ turnadmin -h


       After installation, run the command:

       $ man turnadmin

       or in the project root directory:

       $ man -M man turnadmin

       to see the man page.












       turnserver, turnutils


       project page:

       Wiki page:



       Oleg Moskalenko <>

       Gabor Kovesdan

       Daniel Pocock

       John Selbie (

       Lee Sylvester <>

       Erik Johnston <>

       Roman Lisagor <>

       Vladimir Tsanev <>

       Po-sheng Lin <>

       Peter Dunkley <>

       Mutsutoshi Yoshimoto <>

       Federico Pinna <>

       Bradley T. Hughes <>

       Mihaly Meszaros <>

                                         29 January 2019                                  TURN(1)