Our provisioning client allows you to easily populate the OpenPGP application on a YubiKey, and share its public information inside Defguard.
It's completely safe: we do not store private keys. Every key is provisioned inside an encapsulated session, so any gpg-related files are deleted right after the process ends, whether it succeeds or not. Only public PGP and SSH keys are sent to Defguard, so you can access them at any time.
Currently, we provide Linux .rpm and .deb packages alongside a Docker image, but provisioning clients can also be compiled and run under Windows and macOS.
Note that if you decide to use Docker, make sure your container has access to the host machine's devices; otherwise, you will encounter a "No keys detected" error.
All of the available options are described in help:
Configuration can be provided in CLI with options, in environment variables, or via
To register a new provisioning client you will need an access token provided by your instance. You can find it in the info card on the "Provisioners" page.
You can see the available clients in the Defguard web application under the "Provisioners" tab.
To provision the key:
1. Select the user from the "Users" page in the Defguard web application (or go to "My Profile" if you're provisioning a key for yourself).
2. Insert a YubiKey into the machine that is running the provisioner client.
3. Select "Provision YubiKey" from the actions menu for the user in the list.
4. Select your provisioner and click the "Provision YubiKey" button.
The service will take a short moment to prepare and provision your keys. Once that's done you'll see a modal with your public keys that are now stored in Defguard. If the process fails for some reason you will see a short error reason returned by the provisioner.
If the client does not detect your YubiKey, unplugging it and plugging it back into your machine may help. If you are running on Linux, try restarting the pcscd service. If you are using the Docker image, make sure the container has access to your host devices.
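
A preflight check for the troubleshooting steps above, as an added example that is not part of Defguard or its provisioner. It assumes a Linux host or container, Yubico's USB vendor ID 1050 as reported in sysfs, and the default pcscd socket path /run/pcscd/pcscd.comm; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks the two conditions the troubleshooting text names.
# Assumptions: Linux sysfs layout, Yubico USB vendor ID 1050, and the
# default pcscd socket path (adjust if your distribution differs).
YUBICO_VID="1050"

# yubikey_visible [SYSFS_USB_DIR]
# Succeeds if any USB device in the directory reports Yubico's vendor ID.
yubikey_visible() {
    usb_dir="${1:-/sys/bus/usb/devices}"
    for f in "$usb_dir"/*/idVendor; do
        [ -r "$f" ] || continue          # also skips an unmatched glob
        if [ "$(cat "$f")" = "$YUBICO_VID" ]; then
            return 0
        fi
    done
    return 1
}

# pcscd_socket_present [SOCKET_PATH]
# Succeeds if the pcscd communication socket exists.
pcscd_socket_present() {
    sock="${1:-/run/pcscd/pcscd.comm}"
    [ -S "$sock" ]
}

# preflight [SYSFS_USB_DIR] [SOCKET_PATH]
# Returns 0 if both checks pass, 1 if no key is visible, 2 if pcscd is missing.
preflight() {
    if ! yubikey_visible "$1"; then
        echo "No Yubico USB device visible: replug the key, or give the container access to host devices"
        return 1
    fi
    if ! pcscd_socket_present "$2"; then
        echo "YubiKey visible but pcscd socket missing: restart the pcscd service"
        return 2
    fi
    echo "YubiKey visible and pcscd socket present"
    return 0
}

# Run the check against the real system only when asked to.
if [ "${1:-}" = "--run" ]; then
    preflight
fi
```

Run it with `--run` on the host first and then inside the container: a result of 1 only inside the container means the USB device is not reaching it.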