flux keygen [--name=NAME] [--meta=KEY=VAL...] PATH
flux-keygen(1) generates a long-term CURVE certificate used to secure the overlay network of a Flux system instance.
The Flux overlay network implements cryptographic privacy and data integrity when data is sent over a network. Point to point ZeroMQ TCP connections are protected with the CURVE security mechanism built into ZeroMQ version 4, based on curve25519 and a CurveCP-like protocol.
All brokers participating in the system instance must use the same certificate. The certificate is part of the bootstrap configuration.
Flux instances that bootstrap with PMI do not require a configured certificate. In that case, each broker self-generates a unique certificate and the public keys are exchanged with PMI.
flux-keygen accepts the following options:
- -n, --name=NAME
Set the certificate metadata
namefield. The value is logged when flux-broker(1) authenticates a peer that presents this certificate. A cluster name might be appropriate here. Default: the local hostname.
Set arbitrary certificate metadata. Multiple key-value pairs may be specified, separated by commas. This option may be specified multiple times.
Using ZeroMQ Security: http://hintjens.com/blog:48, http://hintjens.com/blog:49