All authentication sub-commands can be viewed by entering following command.
volttron-ctl auth --help
optional arguments: -h, --help show this help message and exit -c FILE, --config FILE read configuration from FILE --debug show tracbacks for errors rather than a brief message -t SECS, --timeout SECS timeout in seconds for remote calls (default: 30) --vip-address ZMQADDR ZeroMQ URL to bind for VIP connections --keystore-file FILE use keystore from FILE --known-hosts-file FILE get known-host server keys from FILE subcommands: add add new authentication record add-group associate a group name with a set of roles add-known-host add server public key to known-hosts file add-role associate a role name with a set of capabilities keypair generate CurveMQ keys for encrypting VIP connections list list authentication records list-groups show list of group names and their sets of roles list-known-hosts list entries from known-hosts file list-roles show list of role names and their sets of capabilities publickey show public key for each agent remove removes one or more authentication records by indices remove-group disassociate a group name from a set of roles remove-known-host remove entry from known-hosts file remove-role disassociate a role name from a set of capabilities serverkey show the serverkey for the instance update updates one authentication record by index update-group update group to include (or remove) given roles update-role update role to include (or remove) given capabilities
An authentication record consist of following parameters
domain : address : Either a single agent identity or an array of agents identities user_id : Arbitrary string to indentify the agent capabilities (delimit multiple entries with comma) : Array of strings referring to authorized capabilities defined by exported RPC methods roles (delimit multiple entries with comma) : groups (delimit multiple entries with comma) : mechanism [CURVE]: credentials : Public key string for the agent comments : enabled [True]:
For more details on how to create authentication record, please see section Agent Authentication