Scroll to navigation

CF-KEY(8) System Manager's Manual CF-KEY(8)


cf-key - make private/public key-pairs for CFEngine authentication


cf-key [OPTION]...


The CFEngine key generator makes key pairs for remote authentication.


Print the help message
Print basic information about key generation
Enable debugging output
Output verbose information about the behaviour of cf-key
Output the version of the software
Specify how detailed logs should be. Possible values: 'error', 'warning', 'notice', 'info', 'verbose', 'debug'
Specify an alternative output file than the default.
Specify a RSA key size in bits, the default value is 2048.
Show lastseen hostnames and IP addresses
Don't truncate -s / --show-hosts output
Remove keys for specified hostname/IP/MD5/SHA (cf-key -r SHA=12345, cf-key -r MD5=12345, cf-key -r host001, cf-key -r
Force removal of keys
Install license file on Enterprise server (CFEngine Enterprise Only)
Print digest of the specified public key
Make cf-serverd/cf-agent trust the specified public key. Argument value is of the form [[USER@]IPADDR:]FILENAME where FILENAME is the local path of the public key for client at IPADDR address.
Enable colorized output. Possible values: 'always', 'auto', 'never'. If option is used, the default value is 'auto'
Log timestamps on each line of log output
Do not lookup host names


CFEngine provides automated configuration management of large-scale computer systems. A system administrator describes the desired state of a system using CFEngine policy code. The program cf-agent reads policy code and attempts to bring the current system state to the desired state described. Policy code is downloaded by cf-agent from a cf-serverd daemon. The daemon cf-execd is responsible for running cf-agent periodically.
Documentation for CFEngine is available at


CFEngine is built on principles from promise theory, proposed by Mark Burgess in 2004. Promise theory is a model of voluntary cooperation between individual, autonomous actors or agents who publish their intentions to one another in the form of promises. A promise is a declaration of intent whose purpose is to increase the recipient's certainty about a claim of past, present or future behaviour. For a promise to increase certainty, the recipient needs to trust the promiser, but trust can also be built on the verification that previous promises have been kept, thus trust plays a symbiotic relationship with promises.
For an introduction to promise theory, please see


cf-key is part of CFEngine.
Binary packages may be downloaded from
The source code is available at


Please see the public bug-tracker at
GitHub pull-requests may be submitted to


cf-promises(8), cf-agent(8), cf-serverd(8), cf-execd(8), cf-monitord(8), cf-runagent(8), cf-key(8)


Mark Burgess and AS

CFEngine System Administration