Yubico releases YubiKey Manager CLI 4.0

Person sitting at desk in front of computer screen

Today, we’re excited to share that Yubico has released YubiKey Manager CLI 4.0 (also known as “ykman”). This is a new major release version, and that means substantial changes. For this release, those changes include a few new features for end-users, and several other changes which are mostly relevant for developers.

Changes that may impact users

To be able to add new features, we’ve added a few new subcommands to the tool. In doing so we’ve seen the need to restructure the existing commands in certain places, and have also taken this opportunity to make sure we’re being consistent between different parts of the tool. In a lot of places this has resulted in one additional level of command nesting, but for the most part this doesn’t result in much more typing — though it does make things a lot nicer and tidier!

As an example of this, let’s look at the PIV section of the tool:

In ykman 3, some of the subcommands section are:

generate-key, import-key, generate-certificate, import-certificate, read-object, write-object, and so on.

In ykman 4, we  introduced an additional level of subcommands for keys, certificates, and objects.

Instead of ykman piv import-key you now use ykman piv keys import.

Instead of ykman piv write-object, you now use ykman piv objects import, and so on. 

As you can see, this typically doesn’t add a lot of extra typing, but it does give things more structure and consistency, which is really important as we add new commands.

With these added subcommands, functionality is better grouped together, and you can get relevant help information for a single group of commands by typing

ykman piv certificates –help for example. 

For convenience, we’ve added aliases for the old commands, which will continue to function for some time, though they will print a warning message containing the new command syntax when used.

Notable new features

Some of the notable new features that users will notice are:

More complete near-field communication (NFC) support

We’ve added NFC support to the fido and otp subcommands. This means that all configuration of a YubiKey can be done over NFC, in addition to USB.

To use, run ykman list –readers to list available NFC readers, then invoke a command with ykman –reader “<name of NFC reader>” <command>.

More robust device handling and troubleshooting

The code for locating and connecting to YubiKeys has been completely re-written to rely less on additional code libraries so that more is done within ykman itself. This offers us more fine-grained control to be able to deal with tricky corner-cases, as well as the ability to get more information about what has gone wrong in case of errors.

A new diagnostics command ykman –diagnose has been added to help in troubleshooting. This command will output detailed information about your system, as well as any attached YubiKeys, which can help you pinpoint the source of problems.

Changes for developers

We believe the new additions to the tool are great, but the real “meat” of this update is under the hood.

Dropping support for Python 2 / Fully embracing Python 3

Python 2 was declared end-of-life in January 2020 by the Python Foundation, and we’ve started the process of dropping support for Python 2 throughout our projects as well. This is the first version of ykman to no longer support Python 2, allowing us to clean up the codebase significantly as well as take advantage of some Python 3 features which we’ve had to avoid in the past due to maintaining Python 2 compatibility. These features include things like type annotations, data classes, and more. 

Updated object model for scripting

We’ve also taken cues from our Mobile SDKs for Android and iOS and updated a lot of the core “library” part of the tool to better follow in their structure. This has produced a much more wholly consistent codebase and a more robust platform to not only build ykman on top of, but also to allow for custom development and scripting. This will allow our more developer-savvy users to use ykman in their own Python scripts to do things like scripted configuration of YubiKeys, and so on. We hope to bring you more information about this throughout the year, with tutorials and examples.

Download YubiKey Manager CLI 4.0 here, read the YubiKey Manager (ykman) CLI & GUI Guide, and let us know what you think of these new updates. 

In the coming weeks we will be releasing an updated version of YubiKey Manager GUI which will bundle the new CLI, with easy to use installers for supported platforms.

Issues can be reported on our Github page, and our Support page can help you out with any questions.

Your feedback is important as we continue to improve our software!

Talk to our teamTalk to our team

Share this article:


  • The rise of AI-driven phishing attacks: What to know and how to be secureAs businesses continue learning the benefits that artificial intelligence (AI) assisted computing tools provide, we’re continuing to see rapid interest and adoption of the technology – especially within the enterprise. Most conversations up until recently have revolved around ChatGPT, but now another new AI-powered large language model tool – DeepSeek – is creating a lot […]Read more
  • Works with YubiKey Spotlight: Expanded partnerships redefining phishing-resistance in 20252024 was an exciting year for Yubico and our partners. Together, we achieved remarkable milestones, launching innovative solutions and forging stronger partnerships – all aimed at delivering the most impactful cybersecurity solutions and user experience for our customers and partners. At the heart of these efforts lies a shared commitment to phishing-resistance.  From registration to […]Read moreWorks with YubiKeywwyk
  • Cybersecurity in 2025 – part two: Insights and predictions from Yubico’s expertsIn part one of our 2025 cybersecurity predictions, we highlighted insights from our experts on the topic of passkeys, digital identity wallets and the threats of AI-driven phishing – areas that saw a lot of focus in 2024, and ones that we expect to continue being a major focus this year. If you missed our […]Read morecritical infrastructurefederal governmentfinancial servicespredictions
  • surface blog crownMicrosofts Surface Pro 10 möjliggör NFC-baserad lösenordsfri inloggning med YubiKeys, för företagDra fördel av det långvariga samarbetet mellan Microsoft och Yubico genom att distribuera YubiKeys tillsammans med den nya Surface Pro 10 enheten för ditt företag. Read morenfcpasswordless