keystone commands

The keystone client is the command-line interface (CLI) for the OpenStack Identity API and its extensions.

For help on a specific keystone command, enter:

$ keystone help COMMAND

Keystone Usage

[--os-username <auth-user-name>]
[--os-password <auth-password>]
[--os-tenant-name <auth-tenant-name>]
[--os-tenant-id <tenant-id>] [--os-auth-url <auth-url>]
[--os-region-name <region-name>]
[--os-identity-api-version <identity-api-version>]
[--os-token <service-token>]
[--os-endpoint <service-endpoint>]
[--os-cacert <ca-certificate>] [--insecure]
[--os-cert <certificate>] [--os-key <key>] [--os-cache]
[--force-new-token] [--stale-duration <seconds>]
<subcommand> ...

Subcommands

Command                 Description
catalog                 List service catalog, possibly filtered by service.
ec2-credentials-create  Create EC2-compatible credentials for user per tenant.
ec2-credentials-delete  Delete EC2-compatible credentials.
ec2-credentials-get     Display EC2-compatible credentials.
ec2-credentials-list    List EC2-compatible credentials for a user.
password-update         Update own password.
role-list               List all roles.
token-get               Display the current user token.
user-password-update    Update user password.
user-update             Update user's name, email, and enabled status.
discover                Discover Keystone servers, supported API versions and extensions.
bash-completion         Prints all of the commands and options to stdout.
help                    Display help about this program or one of its subcommands.

keystone optional arguments

Argument                                          Description
--version                                         Shows the client version and exits.
--timeout <seconds>                               Set request timeout (in seconds).
--os-username <auth-user-name>                    Name used for authentication with the OpenStack Identity service. Defaults to env[OS_USERNAME].
--os-password <auth-password>                     Password used for authentication with the OpenStack Identity service. Defaults to env[OS_PASSWORD].
--os-tenant-name <auth-tenant-name>               Tenant to request authorization on. Defaults to env[OS_TENANT_NAME].
--os-tenant-id <tenant-id>                        Tenant to request authorization on. Defaults to env[OS_TENANT_ID].
--os-auth-url <auth-url>                          Specify the Identity endpoint to use for authentication. Defaults to env[OS_AUTH_URL].
--os-region-name <region-name>                    Defaults to env[OS_REGION_NAME].
--os-identity-api-version <identity-api-version>  Defaults to env[OS_IDENTITY_API_VERSION] or 2.0.
--os-token <service-token>                        Specify an existing token to use instead of retrieving one via authentication (e.g. with username & password). Defaults to env[OS_SERVICE_TOKEN].
--os-endpoint <service-endpoint>                  Specify an endpoint to use instead of retrieving one from the service catalog (via authentication). Defaults to env[OS_SERVICE_ENDPOINT].
--os-cacert <ca-certificate>                      Specify a CA bundle file to use in verifying a TLS (https) server certificate. Defaults to env[OS_CACERT].
--insecure                                        Explicitly allow keystoneclient to perform "insecure" TLS (https) requests. The server's certificate will not be verified against any certificate authorities. This option should be used with caution.
--os-cert <certificate>                           Defaults to env[OS_CERT].
--os-key <key>                                    Defaults to env[OS_KEY].
--os-cache                                        Use the auth token cache. Defaults to env[OS_CACHE].
--force-new-token                                 If the keyring is available and in use, the token will always be stored in and fetched from the keyring until the token has expired. Use this option to request a new token and replace the existing one in the keyring.
--stale-duration <seconds>                        Stale duration (in seconds) used to determine whether a token has expired when retrieving it from the keyring. This is useful in mitigating process or network delays. Default is 30 seconds.
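
Several of the options above carry risk when used carelessly: --insecure turns off certificate verification, and a password or token given as an argument (rather than through the env[...] defaults) is visible in process listings and shell history. The following shell check for wrapper scripts is an added example, not part of the keystone client or of the original page; the function name keystone_lint and all sample values are hypothetical.

```shell
#!/bin/sh
# keystone_lint: hypothetical helper (not part of python-keystoneclient).
# Takes the arguments of a keystone invocation, prints one finding per line
# and returns 0 only if nothing was flagged. Secret values are never echoed.
keystone_lint() {
    kl_n=0
    kl_prev=""
    for kl_arg in "$@"; do
        # Normalise "--opt=value" and "--opt value" into kl_opt / kl_val.
        case "$kl_arg" in
            --*=*) kl_opt=${kl_arg%%=*}; kl_val=${kl_arg#*=}; kl_prev="" ;;
            --*)   kl_opt=$kl_arg; kl_val=""; kl_prev=$kl_arg ;;
            *)     kl_opt=$kl_prev; kl_val=$kl_arg; kl_prev="" ;;
        esac
        case "$kl_arg" in
            --insecure)
                echo "insecure: server certificate not verified; pass --os-cacert instead"
                kl_n=$((kl_n + 1)) ;;
        esac
        # The remaining checks only apply once an option has a value.
        [ -n "$kl_val" ] || continue
        case "$kl_opt" in
            --os-password|--os-token|--pass|--new-password|--current-password)
                echo "secret-on-argv: $kl_opt value is exposed to process listings and shell history"
                kl_n=$((kl_n + 1)) ;;
            --os-auth-url|--os-endpoint)
                case "$kl_val" in
                    http://*)
                        echo "cleartext: $kl_opt uses http://, so credentials and tokens cross the network unencrypted"
                        kl_n=$((kl_n + 1)) ;;
                esac ;;
        esac
    done
    [ "$kl_n" -eq 0 ]
}

# Constructed sample invocations (placeholder values, not real credentials).
keystone_lint --insecure --os-password EXAMPLE-ONLY token-get || true
keystone_lint --os-cacert /etc/ssl/example-ca.pem \
    --os-auth-url https://keystone.example.test:5000/v2.0 token-get && echo "clean"
```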

keystone catalog command

usage: keystone catalog [--service <service-type>]

List service catalog, possibly filtered by service.

Arguments

Argument                  Description
--service <service-type>  Service type to return

keystone discover command

usage: keystone discover

Discover Keystone servers, supported API versions and extensions.

Usage:

$ keystone discover
Keystone found at http://localhost:35357
    - supports version v1.0 (DEPRECATED) here http://localhost:35357/v1.0
    - supports version v1.1 (CURRENT) here http://localhost:35357/v1.1
    - supports version v2.0 (CURRENT) here http://localhost:35357/v2.0
        - and RAX-KSKEY: Rackspace API Key Authentication Admin Extension
        - and RAX-KSGRP: Rackspace Keystone Group Extensions

keystone ec2-credentials-create command

usage: keystone ec2-credentials-create [--user-id <user-id>]
                                       [--tenant-id <tenant-id>]

Create EC2-compatible credentials for user per tenant.

Arguments

Argument                 Description
--user-id <user-id>      User ID
--tenant-id <tenant-id>  Tenant ID

keystone ec2-credentials-delete command

usage: keystone ec2-credentials-delete [--user-id <user-id>] --access <access-key>

Delete EC2-compatible credentials.

Arguments

Argument               Description
--user-id <user-id>    User ID
--access <access-key>  Access Key

keystone ec2-credentials-get command

usage: keystone ec2-credentials-get [--user-id <user-id>] --access <access-key>

Display EC2-compatible credentials.

Arguments

Argument               Description
--user-id <user-id>    User ID
--access <access-key>  Access Key

keystone ec2-credentials-list command

usage: keystone ec2-credentials-list [--user-id <user-id>]

List EC2-compatible credentials for a user.

Arguments

Argument             Description
--user-id <user-id>  User ID

keystone password-update command

usage: keystone password-update [--current-password <current-password>]
                                [--new-password <new-password>]

Update own password.

Arguments

Argument                                Description
--current-password <current-password>  Current password. Defaults to the password as set by --os-password or OS_PASSWORD
--new-password <new-password>           Desired new password

keystone token-get command

usage: keystone token-get [--wrap <integer>]

Display the current user token.

Arguments

Argument          Description
--wrap <integer>  Wrap PKI tokens to a specified length, or 0 to disable

keystone user-password-update command

usage: keystone user-password-update [--pass <password>] <user>

Update user password.

Arguments

Argument           Description
--pass <password>  Desired new password
<user>             Name or ID of user to update password

keystone user-update command

usage: keystone user-update [--name <user-name>] [--email <email>]
                            [--enabled <true|false>]
                            <user>

Update user's name, email, and enabled status.

Arguments

Argument                Description
--name <user-name>      Desired new user name
--email <email>         Desired new email address
--enabled <true|false>  Enable or disable user
<user>                  Name or ID of user to update