flux keygen [--name=NAME] [--meta=KEY=VAL...] PATH


flux keygen generates a long-term CURVE certificate used to secure the overlay network of a Flux system instance.

The Flux overlay network implements cryptographic privacy and data integrity when data is sent over a network. Point to point ZeroMQ TCP connections are protected with the CURVE security mechanism built into ZeroMQ version 4, based on curve25519 and a CurveCP-like protocol.

All brokers participating in the system instance must use the same certificate. The certificate is part of the bootstrap configuration.

Flux instances that bootstrap with PMI do not require a configured certificate. In that case, each broker self-generates a unique certificate and the public keys are exchanged with PMI.


flux keygen accepts the following options:

-n, --name=NAME

Set the certificate metadata name field. The value is logged when flux-broker(1) authenticates a peer that presents this certificate. A cluster name might be appropriate here. Default: the local hostname.


Set arbitrary certificate metadata. Multiple key-value pairs may be specified, separated by commas. This option may be specified multiple times.


Flux: http://flux-framework.org

Flux RFC: https://flux-framework.readthedocs.io/projects/flux-rfc

ZAP: http://rfc.zeromq.org/spec:27

CurveZMQ: http://curvezmq.org/page:read-the-docs

ZMTP/3.0: http://rfc.zeromq.org/spec:23

Using ZeroMQ Security: http://hintjens.com/blog:48, http://hintjens.com/blog:49