diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/config.example.toml | 3 | ||||
| -rw-r--r-- | doc/nitrocli.1 | 26 | ||||
| -rw-r--r-- | doc/nitrocli.1.pdf | bin | 40972 -> 41970 bytes |
3 files changed, 25 insertions, 4 deletions
diff --git a/doc/config.example.toml b/doc/config.example.toml index a427749..eefdfa0 100644 --- a/doc/config.example.toml +++ b/doc/config.example.toml @@ -4,6 +4,9 @@ # The model to connect to (string, "pro" or "storage", default: not set). model = "pro" +# The serial number of the device to connect to (list of strings, default: +# empty). +serial_numbers = ["0xf00baa", "deadbeef"] # Do not cache secrets (boolean, default: false). no_cache = true # The log level (integer, default: 0). diff --git a/doc/nitrocli.1 b/doc/nitrocli.1 index 680af3b..8b04de6 100644 --- a/doc/nitrocli.1 +++ b/doc/nitrocli.1 @@ -12,16 +12,25 @@ It can be used to access the encrypted volume, the one-time password generator, and the password safe. .SS Device selection Per default, \fBnitrocli\fR connects to any attached Nitrokey device. -You can use the \fB\-\-model\fR option to select the device to connect to. -\fBnitrocli\fR fails if more than one attached Nitrokey device matches -this filter or if multiple Nitrokey devices are attached and this option -is not set. +You can use the \fB\-\-model\fR and \fB\-\-serial-number\fR options to select +the device to connect to. +\fBnitrocli\fR fails if more than one attached Nitrokey device matches this +filter or if multiple Nitrokey devices are attached and none of the filter +options is set. .SH OPTIONS .TP \fB\-m\fR, \fB\-\-model pro\fR|\fBstorage\fR Restrict connections to the given device model, see the Device selection section. .TP +\fB\-\-serial-number \fIserial-number\fR +Restrict connections to the given serial number, see the Device selection +section. +\fIserial-number\fR must be a hex string with an optional 0x prefix. +This option can be set multiple times to allow any of the given serial numbers. +Nitrokey Storage devices never match this restriction as they do not expose +their serial number in the USB device descriptor. +.TP \fB\-\-no\-cache\fR If this option is set, nitrocli will not cache any inquired secrets using \fBgpg\-agent\fR(1) but ask for them each time they are needed. @@ -302,6 +311,10 @@ The following values can be set in the configuration file: Restrict connections to the given device model (string, default: not set, see \fB\-\-model\fR). .TP +.B serial_numbers +Restrict connections to the given serial numbers (list of strings, default: +empty, see \fB\-\-serial-number\fR). +.TP .B no_cache If set to true, do not cache any inquired secrets (boolean, default: false, see \fB\-\-no\-cache\fR). @@ -311,6 +324,7 @@ Set the log level (integer, default: 0, see \fB\-\-verbose\fR). .P The configuration file must use the TOML format, for example: model = "pro" + serial_numbers = ["0xf00baa", "deadbeef"] no_cache = false verbosity = 0 @@ -343,6 +357,10 @@ configuration (see the Config file section): Restrict connections to the given device model (string, default: not set, see \fB\-\-model\fR). .TP +.B NITROCLI_SERIAL_NUMBERS +Restrict connections to the given list of serial numbers (comma-separated list +of strings, default: empty, see \fB\-\-serial-number\fR). +.TP .B NITROCLI_NO_CACHE If set to true, do not cache any inquired secrets (boolean, default: false, see \fB\-\-no\-cache\fR). diff --git a/doc/nitrocli.1.pdf b/doc/nitrocli.1.pdf Binary files differindex 015f379..73041ae 100644 --- a/doc/nitrocli.1.pdf +++ b/doc/nitrocli.1.pdf |