Keychain_Credential

The SCALE CLI guide is a work in progress! New namespace and command documentation is continually added and maintained, so check back here often to see what is new!

Keychain_Credential Namespace

The keychain_credential namespace has nine commands and is based on SSH credential and keypair creation and management functions found in the SCALE API and web UI. It provides access to backup credential methods through the keychain_credential commands.

Keychain_Credential Commands

The following keychain_credential commands allow you to create new and manage existing SSH credentials and keypairs.

You can enter commands from the main CLI prompt or from the keychain_credential namespace prompt.

Interactive Argument Editor (TUI)

Enter the -- flag following any CLI command to open the interactive arguments editor text-based user interface (TUI).

Click for more information

The interactive argument editor is a text user interface (TUI) that can help enter complex commands with multiple configurable properties. It shows expected properties, defaults, input types (string, boolean, integer, or array), and can include command instructions or warnings.

Optional properties, indicated by the # symbol, are disabled by default. Required properties are enabled. Do not disable properties that are enabled by default.

To configure required properties, enter a space after the colon then add the value.

To enable optional properties, delete # from the corresponding line.

Some required properties are disabled if they are part of a pair of properties where one or the other is required. Select one property to enable and enter a value.

Press F2 or click Save to save the modified file.

Press F10, Esc, or click Quit to exit the TUI. The command automatically executes upon exit.

Create Command

Use the create command to create a keypair or SSH credential. This command is very complex. Use the UI or the interactive argument editor to create a new keypair or SSH connection.

The TrueNAS CLI guide for SCALE is a work in progress! This command has not been fully tested and validated. Full documentation is still being developed. Check back for updated information.

Delete Command

The delete command removes the keypair or SSH credential matching the ID entered.

Use the system keychain_credential query to obtain ID numbers for keypairs or SSH credentials on the system and to verify the command is successful.

Using the Delete Command

Description

The Delete command has one required property argument, id. id is the system-assigned identification number for the credential. Enter the property argument using the = delimiter to separate property and value. Enter the command string then press Enter. The command returns an empty line.

Usage

From the CLI prompt, enter:

system keychain_credential delete id=1

Where 1 is the system-assigned ID for the keypair or SSH credential.

Command Example
system keychain_credential delete id=1

Generate_SSH_Key_Pair Command

The generate_ssh_key_pair command generates a new private and public key to use when creating SSH keypairs.

Use the UI to download public and private key values.

Using the Generate_SSH_Key_Pair Command

Description

The Generate_SSH_Key_Pair does not require entering a property argument. Enter the command then press Enter. The command returns new public and private keys.

Usage

From the CLI prompt, enter:

system keychain_credential generate_ssh_key_pair

Command Example
system keychain_credential generate_ssh_key_pair
+-------------+------------------------------------------------------------------+
| private_key | -----BEGIN OPENSSH PRIVATE KEY-----                              |
|             | b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAA... |
|             | NhAAAAAwEAAQAAAYEAvU17miIIqegbLN/11hfoldXfJb5Mjdq/F8EmHRaQJsd... |
|             | hQh5zLAq6uixDv1dBdFMtLMyG9H2fYzT/y0ZpLY2qbfnAZjexb7idh52ohvV/... |
|             | eK3NHbEbeZ92+YQQCYMK1z39h1AUN0Smhbd0YV2vnFX+w2CFpSndFohpBCVL1... |
|             | AbSxmj55uGN1w3JdQ0z3BZMah7RtcCzu6VYfgCBhIC0Myw74iudp0DkP3uBrk... |
|             | wIP/z86uLqrY0ZjzRZJQLlHt1pNsgTZU4p8GrsCr5m0qt2Obsl97puJ1D3Bby... |
|             | TjzNQb048SkU/xsFSmdpG3QJFDqNBCpIzgyfFDYalKAc+YgwQ5BoFQMesuMaU... |
|             | tVeEVEE7FJGG66Qo/byeW4Z9RNC6+iYbhAbWlPzj/ofvBdscEIdJ/9oBnKcAQ... |
|             | 7HafLUoRKVtwF70XSNGwvWDTh/HQX6hGQqfUh65XAAAFiCiaL8Aomi/AAAAAB... |
|             | EAAAGBAL1Ne5oiCKnoGyzf9dYX6JXV3yW+TI3avxfBJh0WkCbHZRQ6J+h3BoU... |
|             | sQ79XQXRTLSzMhvR9n2M0/8tGaS2Nqm35wGY3sW+4nYedqIb1f290POR0/Hni... |
|             | dvmEEAmDCtc9/YdQFDdEpoW3dGFdr5xV/sNghaUp3RaIaQQlS9bT3geN8CIgG... |
|             | dcNyXUNM9wWTGoe0bXAs7ulWH4AgYSAtDMsO+IrnadA5D97ga5Nryu69p7KMC... |
|             | 2NGY80WSUC5R7daTbIE2VOKfBq7Aq+ZtKrdjm7Jfe6bidQ9wW8pbyCo8VqVk4... |
|             | FP8bBUpnaRt0CRQ6jQQqSM4MnxQ2GpSgHPmIMEOQaBUDHrLjGlJYEEME7bSrV... |
|             | huukKP28nluGfUTQuvomG4QG1pT84/6H7wXbHBCHSf/aAZynAEGni0DZiwV+x... |
|             | cBe9F0jRsL1g04fx0F+oRkKn1IeuVwAAAAMBAAEAAAGAIYlpFODjrQowSk5xF... |
|             | G3CUiQIyq2UF/vcNdRanh1GoN/tbDPNzqcl9pah9/OC5pNXxQCFBip9QsugZ4... |
|             | YsGM8faD005JUSXiTt5CduxGYqxVFxLcnzJqRgJQtG9hBvqrtSP5cpxbLVV4o... |
|             | vO5MLvsQLo5DIJdk7K3DP45fVQRgIXls5rrQV91v7bU/F+L9AkWpdV7hIfz1n... |
|             | iZng4WbnAZsiWydiF494aWhEnXji3uwNRekTEgWbZnsgex8Rj7nqa+f6+oGhO... |
|             | WLNQPo//IypZx6oyN4vKAf8FydpWyxAof+DquOCklom0kGDFq6vxWKcnKefi6... |
|             | 82OmEo/DX+FVTAiSyrQMJZSuiZaBjEm9UbC+YyffcHpJ+J6bCPPSHTVBG0lwG... |
|             | QCYZoAgDbHkxEec33zn2JooctV1BRbyrtu6rwYWdY8tpYcxvQ7+uU1RBU0ft2... |
|             | wQDkPWXMh+TVjLS8prnpjut6FDnWU3+XaP2GjVvre+03TfPUWO6t540Y0E3hC... |
|             | CQ2gXLcjC1uPdmD18opRO6WIzYB1DzTdrvtvnliIjWpgeo9nLaMmLAiUby/6l... |
|             | TXjtm9eDE18NGoXDjYc5NFIg5cWoeWB5hrbCnuoZogDkr2FQ5LGG8KboMqi2w... |
|             | SkK047qjBF54v56cdwBen3yGhXLzkkSPQPBhTd4wTZz+H9oekAAADBAPFCCYR... |
|             | dzstfWP6htlhklD4wUMox2ODMgGRT0PoM3x2f3StzjfKUY/xboKXz6IgAz09H... |
|             | vDEH31INV+/LOCIqyoqm5/bMZr3zQhjTDrNeZKmuWIFJ5UA5xXRHiOS8hOQbM... |
|             | jfEY7OpLIf4T55x7+y1/gUUBtqicB3eyvxQxS74XfDxw7l0hMJDXLXHcvD+Ok... |
|             | Ag/Csze1IGN69cmNm6T/+26RE6tFPGGwAAAMEAyN63dyOpth1F0XODFqJ5sXt... |
|             | GWIir/0XecQedi3g7stAd50JK5Z9z0DsetnfWbldz9tVgy4g+LSa/p2vy7JkG... |
|             | ftixJIG32awsKx9zVV9vMR1yEZeLgNxf436yqTtEEU+Zj2zaefbaIkavb6cDV... |
|             | a+wDVYV1pTG464Iqr0Xl35bZEQeV5W9YeNN+Gg5c3ULkopMW+4F1gNs4pY9Rn... |
|             | pVUVMxmcKFrKx1AAAADHJvb3RAdHJ1ZW5hcwECAwQFBg==                   |
|             | -----END OPENSSH PRIVATE KEY-----                                |
|             |                                                                  |
|  public_key | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9TXuaIgip6Bss3/XWF+iV1... |
|             |                                                                  |
+-------------+------------------------------------------------------------------+

Get_Instance Command

The get_instance command lists the properties for the keypair or SSH connection ID entered.

Using the Get_Instance Command

Description

The get_instance command has one required property argument, id. id is the system-assigned identification number for the credential. Enter the property argument using the = delimiter to separate property and value. Enter the command string then press Enter. The command returns a table with name, type, and ID assigned to the keychain credentials.

Usage

From the CLI prompt, enter:

system keychain_credential get_instance id=1

Where 1 is the system-assigned ID for the keychain credential.

Command Example
system keychain_credential get_instance 1
+------------+-----------------+
|         id | 1               |
|       name | Test System Key |
|       type | SSH_KEY_PAIR    |
| attributes | <dict>          |
+------------+-----------------+

Query Command

The query command lists all keypairs and connections configured on the system.

Using the Query Command

Description

The query command does not require entering a property argument. Enter the command string then press Enter. The command returns a table with name, type and ID assigned to the keychain credentials.

Usage

From the CLI prompt, enter:

system keychain_credential query

Command Example
system keychain_credential query
+----+-----------------+-----------------+------------+
| id | name            | type            | attributes |
+----+-----------------+-----------------+------------+
| 1  | Test System Key | SSH_KEY_PAIR    | <dict>     |
| 2  | Test System     | SSH_CREDENTIALS | <dict>     |
+----+-----------------+-----------------+------------+

Remote_Ssh_Host_Key_Scan Command

Use the remote_ssh_host_key_scan to discover a remote system host key.

The TrueNAS CLI guide for SCALE is a work in progress! This command has not been fully tested and validated. Full documentation is still being developed. Check back for updated information.

Remote_Ssh_Semiautomatic_Setup Command

Use the remote_ssh_semiautomatic_setup to perform a semi-automatic SSH connection setup with another system.

The TrueNAS CLI guide for SCALE is a work in progress! This command has not been fully tested and validated. Full documentation is still being developed. Check back for updated information.

Setup_Ssh_Connection Command

Use the setup_ssh_connection to create an SSH connection.

The TrueNAS CLI guide for SCALE is a work in progress! This command has not been fully tested and validated. Full documentation is still being developed. Check back for updated information.

Update Command

Use the update command to update properties for the credential matching the ID entered.

Use system keychain_credential query to get a list of all credentials on the system and the assigned ID numbers.

Using the Update Command

Description

The update command has one required property argument, id, and two optional properties, name and attributes. id is the system-assigned identification number for the credential. See Update Properties for details on the other properties. Enter the command string then press Enter. The command returns an empty line.

Update Properties

attribute properties change based on the type. type is either SSH_KEY_PAIR or SSH_CREDENTIALS. Enter the property argument using the = delimiter to separate property and value.

PropertyRequiredDescriptionSyntax Example
nameYesEnter a new name for the credential.name="CredentialName"
attributeYesAttributes change based on type. See SSH_Key_PAIR Attributes Properties or SSH_CREDENTIALS Attributes Properties below for details.attributes={}

Use the properties listed below when type is SSH_KEY_PAIR.

SSH_KEY_PAIR Attributes Properties

Enter attribute property arguments inside the curly brackets {}, with double-quoted property and value separated by the : delimiter.

PropertyRequiredDescriptionSyntax Example
public_keyNoEnter or paste a public key. If omitted, this is automatically derived from private key. Enter the value in double quotes.public_key=publicKeyString
private_keyYesEnter or paste the private key. Paste either or both public and private keys. If only public key, it is stored alone. If only private key the public key is automatically calculated and entered in the public key field. Enter the value in double quotes.private_key=privateKeyString

Use the properties listed below when type is SSH_CREDENTIALS.

SSH_CREDENTIAL Attributes Properties

Enter attribute property arguments inside the curly brackets {}, with double-quoted property and value separated by the : delimiter. The private_key and remote_host_key properties are work in progress properties.

PropertyDescriptionSyntax Example
hostEnter the remote system host name or IP address.“host”:"a.b.c.d"
portPort number on the remote system to use for the SSH connection or use the default is 22.“port”:"22"
usernameEnter the username on the remote system to log in via SSH. Default is root. Username should not begin with a number.“username”:"adminUserName"
connect_timeoutEnter the time in seconds before the system stops attempting to establish a connection with the remote system. Default is 10.“connect_timeout”:"10"

Usage

From the CLI prompt, enter:

system keychain_credential update id=1 name="newCredentialName"

Where:

  • 1 is the system-assigned ID for the keychain credential.
  • newCredentialName is a new name for the credential (keypair or SSH connection).

Command Example
system keychain_credential update id=5 name="Grem1 Key"

Used_By Command done

The used_by command lists the objects using this credential for the ID entered. For example, a replication task to a remote system.

Using the Used_By Command

Description

The used_by command has one required property argument, id. id is the system-assigned identification number for the credential. Enter the property argument using the = delimiter to separate property and value. Enter the command string then press Enter. The command returns a table with the title and unbind method for the entered keychain credential ID.

Usage

From the CLI prompt, enter:

system keychain_credential used_by id=5

Where 5 is the system-assigned ID for the keychain credential.

Command Example
system keychain_credential used_by id=5
+-----------------------------------------------------------+---------------+
| title                                                     | unbind_method |
+-----------------------------------------------------------+---------------+
| SSH credentials grem1                                     | delete        |
| Replication task tank/reptests - MyPool/DataPool1/reptest | disable       |
+-----------------------------------------------------------+---------------+