DOKK / manpages / debian 13 / yubikey-manager / ykman.1.en
YKMAN(1) User Commands YKMAN(1)

ykman - YubiKey Manager (ykman)

ykman [OPTIONS] COMMAND [ARGS]...

Configure your YubiKey via the command line.

specify which YubiKey to interact with by serial number
specify a YubiKey by smart card reader name (can't be used with --device or list)
specify the CA to use to verify the SCP11 card key (CA-KLCC)
specify private key and certificate chain for secure messaging, can be used multiple times to provide key and certificates in multiple files (private key, certificates in leaf-last order), OR SCP03 keys in hex separated by colon (:) K-ENC:K-MAC[:K-DEK]
specify a password required to access the --scp file, if needed
enable logging at given verbosity level
write log to FILE instead of printing to stderr (requires --log-level)
show diagnostics information useful for troubleshooting
show version information about the app
show --help output, including hidden commands
show this message and exit

show general information
list connected YubiKeys
run a python script
configure the YubiKey, enable or disable applications
manage the FIDO applications
manage the YubiHSM Auth application
manage the OATH application
manage the OpenPGP application
manage the YubiOTP application
manage the PIV application

List connected YubiKeys, only output serial number:

$ ykman list --serials

Show information about YubiKey with serial number 123456:

$ ykman --device 123456 info

Experimental shell completion for the command line tool is available. To enable it, run this command once (for Bash):

$ source <(_YKMAN_COMPLETE=bash_source ykman | sudo tee /etc/bash_completion.d/ykman)

More information on shell completion (including instructions for other shells) is available at: https://click.palletsprojects.com/en/stable/shell-completion/

March 2025 ykman 5.6.1