1. Home
  2. yubihsm-manager

YubiHSM Manager

The YubiHSM Manager is an interactive CLI with guided menus for YubiHSM 2 management. It supersedes the previous yubihsm-setup tool with a more user-friendly interface and expanded functionality. It is also part of the YubiHSM SDK.

YubiHSM Manger is mainly used to manage asymmetric and symmetric keys, authentication keys and wrap keys as well as setting up the YubiHSM2 for specific usecases. It also has support for scripting functionality.

Use this tool instead of yubihsm-setup. Use Space key to select and deselect options in multi-choice questions. Use ESC key to cancel current operation.

Build

To build the tool a normal Rust toolchain is required, stable Rust will suffice.

The tool has a dependency on yubihsmrs which it automatically pulls from https://github.com/Yubico/yubihsm-manager.git at build time.

Set the environment variable YUBIHSM_LIB_DIR to point to the directory containing the libyubihsm library then run:

``` $ cargo build ```

Run

Set the environment variable LD_LIBRARY_PATH to point to the directory containing the libyubihsm library then run:

``` $ cargo run ```

Or

``` $ ./target/debug/yubihsm-manager ```

Note that on Windows, the libyubihsm.dll need to be in PATH

Run tests

To run automated test that do not require a YubiHSM 2 device to be connected, run:

``` $ cargo test ```

To run tests that require a YubiHSM 2 device to be connected, run:

``` $ cargo test --features device-tests — --test-threads=1 ```

Note that the test-threads needs to be set to 1 because only one operation can be run in the YubiHSM 2 at a time.

To run individual tests, run:

``` $ cargo test <TEST_NAME> ```

or for tests that require a YubiHSM 2 device to be connected, run:

``` $ cargo test --features device-tests — --test-threads=1 <TEST_NAME> ```

where TEST_NAME is the path to the test. For example common::validators or hsm_operations::tests::wrap_tests

Third-Party Licenses

This project depends on a number of third-party libraries, both Rust crates and native C libraries. Release builds statically link several native libraries including libusb (LGPL-2.1), libcurl (MIT), libyubihsm (Apache-2.0), and OpenSSL (Apache-2.0).

A complete listing of all third-party licenses is generated during the release build and is included in the distribution as THIRDPARTY.txt.

Note
 Because yubihsm-manager is open source, users can rebuild the binary to link against a different version of libusb, satisfying LGPL-2.1 requirements.

License

 Copyright 2025 Yubico AB

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at

 http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.