⭕Setting up CLI / ykman

Instructions on setting up the ykman command-line interface.

CLI (command-line interface) is a great way of managing your Yubikey's PIV, OTP, FIDO, OATH, and GPG interfaces and the data it stores. It's an alternative way of managing your Yubikey rather than the Yubikey Manager software.

You may ask "What's the difference?", and there is a lot. The Yubikey Manager software is great, but it is severely limited. There's a whole world out there in the difference between what the Yubikey Manager will let you do, and the capabilities of the CLI called ykman.

❊ How to Get

The command-line tool made for Yubikey is a program called ykman. It gets installed on your system when you download and install the Yubikey Manager. If you currently have the Yubikey Manager program installed, then you also have ykman.

❊ Where is it?

The ykman CLI sits in the same folder as your Yubikey Manager program's exe file.

Read the documentation provided by Yubico for a way to find this CLI depending on your Operating System which has been linked here.

Open up your Command Prompt, Terminal, or Powershell application and execute the command below:

Windows

cd "C:\Program Files\Yubico\YubiKey Manager\"

MacOS

cd "/Applications/YubiKey Manager.app/Contents/MacOS/"

❊ Accessing ykman

If you want to run commands with ykman, you have two options:

1. Change to the directory where ykman.exe is every time you open Command Prompt, Terminal, or Powershell, OR;

2. Create an environment variable which allows you to open Command Prompt, Terminal, or Powershell and immediately start typing your command no matter what folder you are in.

Setting up Environment Variables (Windows)

Click and type Environment.

The option Edit the system environment variables should appear.

Once the dialog box appears on the Advanced tab, at the bottom, click

You should see two seperate boxes labeled USER VARIABLES and SYSTEM VARIABLES.

In the System Variables box, locate the line which defines Path.

Highlight the Path line and then click

We need to add the Yubikey Manager directory as a new system variable.

Select on the right hand side of the new dialog window.

You will notice a box open up at the very bottom of the window where you can type.

In the box, enter C:\Program Files\Yubico\YubiKey Manager

While you're here, if you plan on using GPG with your Yubikey and are running Windows, you can also add:

C:\Program Files (x86)\GnuPG\bin

Once you enter the path to Yubikey Manager, you can click

You have now created a System Environment Variable which will become extremely useful.

To test if it works, open Command Prompt, Terminal, or Powershell in a new window. You should start in your user's home folder which is C:\Users\yourusername.

In the box, simply type ykman and press enter.

You should see a large amount of text print in your window:

If you see the output of ykman without being in the Yubikey Manager folder, that means your system environment variable is working. You can now run ykman commands from any folder.

This becomes extremely helpful and less annoying.

However, if you get any of the following:

The term 'ykman' is not recognized as a name of a cmdlet

'ykman' is not recognized as an internal or external command, operable program or batch file.

Go back to your system environment variables list again and confirm you typed the correct path. Open your File Manager and try to go to the folder C:\Program Files\Yubico\YubiKey Manager

If you do not see the folder at all, make sure you have Yubikey Manager installed.

Finally, try rebooting your system after confirming everything else.

If you had your Command Prompt or Powershell open before you added the environment variable, close it and open a new instance before trying to execute ykman so that the new variable changes can take effect.

❊ Now What?

You have unlocked a whole new world of options on how you can configure your Yubikey.

We recommend checking out our Setting up a New Key guide to see if there's anything there you want to do.

You can also view our guide on Setting Up GPG.