Provided by: cfengine3_3.15.2-3.1_amd64 bug


       cf-key - make private/public key-pairs for CFEngine authentication


       cf-key [OPTION]...


       The CFEngine key generator makes key pairs for remote authentication.


       --help, -h
              Print the help message

       --inform, -I
              Print basic information about key generation

       --debug, -d
              Enable debugging output

       --verbose, -v
              Output verbose information about the behaviour of cf-key

       --version, -V
              Output the version of the software

       --log-level, -g value
              Specify how detailed logs should be. Possible values: 'error', 'warning', 'notice',
              'info', 'verbose', 'debug'

       --output-file, -f value
              Specify an alternative output file than the default.

       --key-type, -T value
              Specify a RSA key size in bits, the default value is 2048.

       --show-hosts, -s
              Show lastseen hostnames and IP addresses

       --no-truncate, -N
              Don't truncate -s / --show-hosts output

       --remove-keys, -r value
              Remove keys for specified  hostname/IP/MD5/SHA  (cf-key  -r  SHA=12345,  cf-key  -r
              MD5=12345, cf-key -r host001, cf-key -r

       --force-removal, -x
              Force removal of keys

       --install-license, -l value
              Install license file on Enterprise server (CFEngine Enterprise Only)

       --print-digest, -p value
              Print digest of the specified public key

       --trust-key, -t value
              Make  cf-serverd/cf-agent  trust the specified public key. Argument value is of the
              form [[USER@]IPADDR:]FILENAME where FILENAME is the local path of  the  public  key
              for client at IPADDR address.

       --color, -C value
              Enable  colorized  output. Possible values: 'always', 'auto', 'never'. If option is
              used, the default value is 'auto'

       --timestamp, -Ò
              Log timestamps on each line of log output

       --numeric, -n
              Do not lookup host names


       CFEngine provides automated configuration management of large-scale  computer  systems.  A
       system  administrator  describes the desired state of a system using CFEngine policy code.
       The program cf-agent reads policy code and attempts to bring the current system  state  to
       the  desired  state  described.  Policy  code  is downloaded by cf-agent from a cf-serverd
       daemon. The daemon cf-execd is responsible for running cf-agent periodically.
       Documentation for CFEngine is available at


       CFEngine is built on principles from promise theory, proposed by  Mark  Burgess  in  2004.
       Promise  theory  is a model of voluntary cooperation between individual, autonomous actors
       or agents who publish their intentions to one another in the form of promises.  A  promise
       is  a declaration of intent whose purpose is to increase the recipient's certainty about a
       claim of past, present or future behaviour. For  a  promise  to  increase  certainty,  the
       recipient  needs  to  trust  the promiser, but trust can also be built on the verification
       that previous promises have been kept, thus trust  plays  a  symbiotic  relationship  with
       For an introduction to promise theory, please see


       cf-key is part of CFEngine.
       Binary packages may be downloaded from
       The source code is available at


       Please see the public bug-tracker at
       GitHub pull-requests may be submitted to


       cf-promises(8),  cf-agent(8),  cf-serverd(8), cf-execd(8), cf-monitord(8), cf-runagent(8),


       Mark Burgess and AS