pykeymgr – Key management utility


pykeymgr [global-options] [command...] [arguments...]


The pykeymgr utility serves for key management in Knot DNS server.

Functions for DNSSEC keys and KASP (Key And Signature Policy) management are provided.

The DNSSEC and KASP configuration is stored in a so called KASP database. The database is backed by LMDB.

The utility requires installed python LMDB module, installed e.g. by:

$ pip install lmdb

Global options

-f, –force
Skip some of consistency checks and continue with performed action with a warning.
-h, –help
Print the program help.

Main commands

-i, –import KASP_db_dir
Import the legacy JSON-format KASP database into the current LMDB-backed one. (You can import multiple databases at once by repeating this option.)


A path to the KASP db. It is the directory where data.mdb and lock.mdb files are usually stored as well as legacy JSON configuration and keys subdirectory containing PEM files.


  1. Import legacy JSON-based KASP db from Knot 2.4.x after upgrade:

    $ pykemgr -i ${knot_data_dir}/keys

See Also

RFC 6781 - DNSSEC Operational Practices.

knot.conf(5), knotc(8), knotd(8).