⭕Setting up CLI / ykman
Instructions on setting up the ykman command-line interface.
Last updated
Instructions on setting up the ykman command-line interface.
Last updated
CLI (command-line interface) is a great way of managing your Yubikey's PIV, OTP, FIDO, OATH, and GPG interfaces and the data it stores. It's an alternative way of managing your Yubikey rather than the Yubikey Manager software.
You may ask "What's the difference?", and there is a lot. The Yubikey Manager software is great, but it is severely limited. There's a whole world out there in the difference between what the Yubikey Manager will let you do, and the capabilities of the CLI called ykman.
The ykman CLI sits in the same folder as your Yubikey Manager program's exe file.
Open up your Command Prompt, Terminal, or Powershell application and execute the command below:
If you want to run commands with ykman, you have two options:
Change to the directory where ykman.exe is every time you open Command Prompt, Terminal, or Powershell, OR;
Create an environment variable which allows you to open Command Prompt, Terminal, or Powershell and immediately start typing your command no matter what folder you are in.
The option Edit the system environment variables should appear.
You should see two seperate boxes labeled USER VARIABLES and SYSTEM VARIABLES.
In the System Variables box, locate the line which defines Path.
We need to add the Yubikey Manager directory as a new system variable.
You will notice a box open up at the very bottom of the window where you can type.
In the box, enter C:\Program Files\Yubico\YubiKey Manager
While you're here, if you plan on using GPG with your Yubikey and are running Windows, you can also add:
C:\Program Files (x86)\GnuPG\bin
You have now created a System Environment Variable which will become extremely useful.
To test if it works, open Command Prompt, Terminal, or Powershell in a new window. You should start in your user's home folder which is C:\Users\yourusername.
In the box, simply type ykman and press enter.
You should see a large amount of text print in your window:
If you see the output of ykman without being in the Yubikey Manager folder, that means your system environment variable is working. You can now run ykman commands from any folder.
This becomes extremely helpful and less annoying.
However, if you get any of the following:
Go back to your system environment variables list again and confirm you typed the correct path. Open your File Manager and try to go to the folder C:\Program Files\Yubico\YubiKey Manager
Finally, try rebooting your system after confirming everything else.
If you had your Command Prompt or Powershell open before you added the environment variable, close it and open a new instance before trying to execute ykman so that the new variable changes can take effect.
You have unlocked a whole new world of options on how you can configure your Yubikey.
The command-line tool made for Yubikey is a program called ykman. It gets installed on your system when you download and install the Yubikey Manager. If you currently have the Yubikey Manager program installed, then you also have ykman.
Click and type Environment.
Once the dialog box appears on the Advanced tab, at the bottom, click
Highlight the Path line and then click
Select on the right hand side of the new dialog window.
Once you enter the path to Yubikey Manager, you can click
If you do not see the folder at all, make sure you have Yubikey Manager installed.
We recommend checking out our Setting up a New Key guide to see if there's anything there you want to do.
You can also view our guide on Setting Up GPG.
