open-nomad/website/content/docs/commands/operator/keygen.mdx

---
layout: docs
page_title: 'Commands: operator keygen'
description: >
  The `operator keygen` command generates an encryption key that can be used for
  Nomad server's gossip traffic encryption. The keygen command uses a
  cryptographically strong pseudo-random number generator to generate the key.
---

# Command: operator keygen

The `operator keygen` command generates an encryption key that can be used for
Nomad server's gossip traffic encryption. The keygen command uses a
cryptographically strong pseudo-random number generator to generate the key.

The resulting key is encoded in the [RFC4648] "URL and filename safe" base64
alphabet. If you use another tool such as OpenSSL to generate the gossip key,
you should pipe the input through the `base64(1)` command to ensure it is
safely encoded. For example: `openssl rand 32 | base64`

## Usage

```plaintext
nomad operator keygen
```

## Example

```shell-session
$ nomad operator keygen
6RhfKFZ5uYEaU6RgWzx69ssLcpiIkvnEZs5KBOQxvxA=
```

[rfc4648]: https://tools.ietf.org/html/rfc4648#section-5
Enable serf encryption (#1791) * Added the keygen command * Added support for gossip encryption * Changed the URL for keyring management * Fixed the cli * Added some tests * Added tests for keyring operations * Added a test for removal of keys * Added some docs * Fixed some docs * Added general options 2016-10-17 17:48:04 +00:00			`---`
new website :sparkles: 2020-02-06 23:45:31 +00:00			`layout: docs`
			`page_title: 'Commands: operator keygen'`
Enable serf encryption (#1791) * Added the keygen command * Added support for gossip encryption * Changed the URL for keyring management * Fixed the cli * Added some tests * Added tests for keyring operations * Added a test for removal of keys * Added some docs * Fixed some docs * Added general options 2016-10-17 17:48:04 +00:00			`description: >`
Fixup for command section of website * changed list indicator from * -> - * moved in-text links to reference links * made commands `plaintext` * made command examples `console` * rewrapped text 2019-10-22 13:44:00 +00:00			The `operator keygen` command generates an encryption key that can be used for
			`Nomad server's gossip traffic encryption. The keygen command uses a`
Enable serf encryption (#1791) * Added the keygen command * Added support for gossip encryption * Changed the URL for keyring management * Fixed the cli * Added some tests * Added tests for keyring operations * Added a test for removal of keys * Added some docs * Fixed some docs * Added general options 2016-10-17 17:48:04 +00:00			`cryptographically strong pseudo-random number generator to generate the key.`
			`---`

Fix old references 2018-03-22 20:39:18 +00:00			`# Command: operator keygen`
Enable serf encryption (#1791) * Added the keygen command * Added support for gossip encryption * Changed the URL for keyring management * Fixed the cli * Added some tests * Added tests for keyring operations * Added a test for removal of keys * Added some docs * Fixed some docs * Added general options 2016-10-17 17:48:04 +00:00
Fixup for command section of website * changed list indicator from * -> - * moved in-text links to reference links * made commands `plaintext` * made command examples `console` * rewrapped text 2019-10-22 13:44:00 +00:00			The `operator keygen` command generates an encryption key that can be used for
new website :sparkles: 2020-02-06 23:45:31 +00:00			`Nomad server's gossip traffic encryption. The keygen command uses a`
Fixup for command section of website * changed list indicator from * -> - * moved in-text links to reference links * made commands `plaintext` * made command examples `console` * rewrapped text 2019-10-22 13:44:00 +00:00			`cryptographically strong pseudo-random number generator to generate the key.`
Enable serf encryption (#1791) * Added the keygen command * Added support for gossip encryption * Changed the URL for keyring management * Fixed the cli * Added some tests * Added tests for keyring operations * Added a test for removal of keys * Added some docs * Fixed some docs * Added general options 2016-10-17 17:48:04 +00:00
docs: describe gossip encryption encoding requirements 2020-12-18 13:29:38 +00:00			`The resulting key is encoded in the [RFC4648] "URL and filename safe" base64`
			`alphabet. If you use another tool such as OpenSSL to generate the gossip key,`
			you should pipe the input through the `base64(1)` command to ensure it is
The encryption key uses 32 bytes now The encryption key uses 32 bytes now, not 16 bytes 2021-02-11 11:55:52 +00:00			safely encoded. For example: `openssl rand 32 \| base64`
docs: describe gossip encryption encoding requirements 2020-12-18 13:29:38 +00:00
Fixup for command section of website * changed list indicator from * -> - * moved in-text links to reference links * made commands `plaintext` * made command examples `console` * rewrapped text 2019-10-22 13:44:00 +00:00			`## Usage`
Enable serf encryption (#1791) * Added the keygen command * Added support for gossip encryption * Changed the URL for keyring management * Fixed the cli * Added some tests * Added tests for keyring operations * Added a test for removal of keys * Added some docs * Fixed some docs * Added general options 2016-10-17 17:48:04 +00:00
Fixup for command section of website * changed list indicator from * -> - * moved in-text links to reference links * made commands `plaintext` * made command examples `console` * rewrapped text 2019-10-22 13:44:00 +00:00			```plaintext
nested command docs 2018-03-22 17:56:06 +00:00			`nomad operator keygen`
Enable serf encryption (#1791) * Added the keygen command * Added support for gossip encryption * Changed the URL for keyring management * Fixed the cli * Added some tests * Added tests for keyring operations * Added a test for removal of keys * Added some docs * Fixed some docs * Added general options 2016-10-17 17:48:04 +00:00			```

			`## Example`

fix shell-session snippet error 2020-05-18 20:53:06 +00:00			```shell-session
			`$ nomad operator keygen`
Update nomad operator keygen example command in docs 2020-09-30 21:07:31 +00:00			`6RhfKFZ5uYEaU6RgWzx69ssLcpiIkvnEZs5KBOQxvxA=`
Enable serf encryption (#1791) * Added the keygen command * Added support for gossip encryption * Changed the URL for keyring management * Fixed the cli * Added some tests * Added tests for keyring operations * Added a test for removal of keys * Added some docs * Fixed some docs * Added general options 2016-10-17 17:48:04 +00:00			```
docs: describe gossip encryption encoding requirements 2020-12-18 13:29:38 +00:00
feat(website): migrates to new nav data format (#10264) 2021-03-31 13:43:17 +00:00			`[rfc4648]: https://tools.ietf.org/html/rfc4648#section-5`