flux-keygen(1)
SYNOPSIS
flux keygen [--name=NAME] [--meta=KEY=VAL...] PATH
DESCRIPTION
flux keygen generates a long-term CURVE certificate used to secure the overlay network of a Flux system instance.
The Flux overlay network implements cryptographic privacy and data integrity when data is sent over a network. Point to point ZeroMQ TCP connections are protected with the CURVE security mechanism built into ZeroMQ version 4, based on curve25519 and a CurveCP-like protocol.
All brokers participating in the system instance must use the same certificate. The certificate is part of the bootstrap configuration.
Flux instances that bootstrap with PMI do not require a configured certificate. In that case, each broker self-generates a unique certificate and the public keys are exchanged with PMI.
OPTIONS
flux keygen accepts the following options:
- -n, --name=NAME
Set the certificate metadata
name
field. The value is logged when flux-broker(1) authenticates a peer that presents this certificate. A cluster name might be appropriate here. Default: the local hostname.
- --meta=KEY=VAL
Set arbitrary certificate metadata. Multiple key-value pairs may be specified, separated by commas. This option may be specified multiple times.
RESOURCES
Flux: http://flux-framework.org
Flux RFC: https://flux-framework.readthedocs.io/projects/flux-rfc
ZAP: http://rfc.zeromq.org/spec:27
CurveZMQ: http://curvezmq.org/page:read-the-docs
ZMTP/3.0: http://rfc.zeromq.org/spec:23
Using ZeroMQ Security: http://hintjens.com/blog:48, http://hintjens.com/blog:49