knife user

The knife user subcommand is used to manage the list of users and their associated RSA public key-pairs.

Note

This subcommand ONLY works when run against the open source Chef server and will not run against Enterprise Chef (including hosted Enterprise Chef), or Private Chef.

Note

Review the list of common options available to this (and all) Knife subcommands and plugins.

create

The create argument is used to create a user. This process will generate an RSA key pair for the named user. The public key will be stored on the Chef server and the private key will be displayed on STDOUT or written to a named file.

• For the user, the private key should be copied to the system as /etc/chef/client.pem.
• For Knife, the private key is typically copied to ~/.chef/client_name.pem and referenced in the knife.rb configuration file.

Syntax

This argument has the following syntax:

$ knife user create USER_NAME (options)

Options

This argument has the following options:

-a, --admin

Indicates that a client will be created as an admin client. This is required when users of the open source Chef server need to access the Chef Server API as an administrator. This option only works when used with the open source Chef server and will have no effect when used with Enterprise Chef.

-f FILE_NAME, --file FILE_NAME

Use to save a private key to the specified file name.

-p PASSWORD, --password PASSWORD

The user password.

--user-key FILE_NAME

All users are assigned a public key. Use to write the public key to a file.

Examples

The following examples show how to use this Knife subcommand:

Create a user

$ knife user create "Radio Birdman" -f /keys/user_name

delete

The delete argument is used to delete a registered user.

Syntax

This argument has the following syntax:

$ knife user delete USER_NAME

Options

This command does not have any specific options.

Examples

The following examples show how to use this Knife subcommand:

Delete a user

$ knife user delete "Steve Danno"

edit

The edit argument is used to edit the details of a user. When this argument is run, Knife will open $EDITOR. When finished, Knife will update the Chef server with those changes.

Syntax

This argument has the following syntax:

$ knife user edit USER_NAME

Options

This command does not have any specific options.

Examples

None.

list

The list argument is used to view a list of registered users.

Syntax

This argument has the following syntax:

$ knife user list (options)

Options

This argument has the following options:

-w, --with-uri

Indicates that the corresponding URIs will be shown.

Examples

None.

reregister

The reregister argument is used to regenerate an RSA key pair for a user. The public key will be stored on the Chef server and the private key will be displayed on STDOUT or written to a named file.

Note

Running this argument will invalidate the previous RSA key pair, making it unusable during authentication to the Chef server.

Syntax

This argument has the following syntax:

$ knife user reregister USER_NAME (options)

Options

This argument has the following options:

-f FILE_NAME, --file FILE_NAME

Use to save a private key to the specified file name.

Examples

The following examples show how to use this Knife subcommand:

Regenerate the RSA key-pair

$ knife user reregister "Robert Younger"

show

The show argument is used to show the details of a user.

Syntax

This argument has the following syntax:

$ knife user show USER_NAME (options)

Options

This argument has the following options:

-a ATTR, --attribute ATTR

The attribute (or attributes) to show.

Examples

The following examples show how to use this Knife subcommand:

Show user data

To view a user named “Dennis Teck”, enter:

$ knife user show "Dennis Teck"

to return something like:

chef_type:   user
json_class:  Chef::User
name:        Dennis Teck
public_key:

Show user data as JSON

To view information in JSON format, use the -F common option as part of the command like this:

$ knife user show "Dennis Teck" -F json

(Other formats available include text, yaml, and pp, e.g. -F yaml for YAML.)