Command Line Interface

This document is a prettier output of the documentation produced by the command line client’s man command. You can obtain similar pages using the following shell commands.

tezos-client -protocol ProtoALphaALph man -verbosity 3
tezos-admin-client man -verbosity 3

Client manual

Admin-client manual

Usage

  • tezos-admin-client [global options] command [command options]
  • tezos-admin-client --help (for global options)
  • tezos-admin-client [global options] command --help (for command options)

To browse the documentation

  • tezos-admin-client [global options] man (for a list of commands)
  • tezos-admin-client [global options] man -v 3 (for the full manual)

Global options (must come before the command)

-d --base-dir <path>: client data directory The directory where the Tezos client will store all its data. By default: '$HOME/.tezos-client'. -c --config-file <path>: configuration file -t --timings: show RPC request times -b --block <hash|tag>: block on which to apply contextual commands Defaults to `head`. -w --wait <none|<int>>: how many confirmation blocks before to consider an operation as included -p --protocol <hash>: use commands of a specific protocol -l --log-requests: log all requests to the node -A --addr <IP addr|host>: IP address of the node -P --port <number>: RPC port of the node -S --tls: use TLS to connect to node. -R --remote-signer <uri>: URI of the remote signer

Access the documentation

  • man [keyword...] [-v --verbosity <0|1|2|3>] [--format <plain|colors|html>]
    Print documentation of commands. Add search keywords to narrow list. Will display only the commands by default, unless [-verbosity <2|3>] is passed or the list of matching commands if less than 3. keyword: keyword to search for If several are given they must all appear in the command. -v --verbosity <0|1|2|3>: level of details 0. Only shows command mnemonics, without documentation. 1. Shows command mnemonics with short descriptions. 2. Show commands and arguments with short descriptions 3. Show everything --format <plain|colors|html>: the manual's output format Defaults to `plain`.

Commands for the low level RPC layer

  • rpc list url
    List RPCs under a given URL prefix. Some parts of the RPC service hierarchy depend on parameters, they are marked by a suffix `<dynamic>`. You can list these sub-hierarchies by providing a concrete URL prefix whose arguments are set to a valid value. url: the URL prefix
  • rpc list
    Alias to `rpc list /`.
  • rpc schema HTTP method url
    Get the input and output JSON schemas of an RPC. HTTP method: url: the RPC url
  • rpc format HTTP method url [-b --binary]
    Get the humanoid readable input and output formats of an RPC. HTTP method: url: the RPC URL -b --binary: Binary format
  • rpc get url
    Call an RPC with the GET method. url: the RPC URL
  • rpc post url
    Call an RPC with the POST method. If input data is needed, a text editor will be popped up. url: the RPC URL
  • rpc post url with input
    Call an RPC with the POST method, providing input data via the command line. url: the RPC URL input: the raw JSON input to the RPC For instance, use `{}` to send the empty document. Alternatively, use `file:path` to read the JSON data from a file.

Commands for managing protocols

  • list protocols
    List protocols known by the node.
  • inject protocol dir
    Inject a new protocol into the node. dir: directory containing a protocol
  • dump protocol protocol hash
    Dump a protocol from the node's record of protocol. protocol hash:

Commands for monitoring and controlling p2p-layer state

  • p2p stat
    show global network status
  • connect address address [--port <IP port>]
    Connect to a new point. address: IPv4 or IPV6 address --port <IP port>: peer-to-peer port of the node Defaults to `9732`.
  • forget address address
    Remove an IP address from the blacklist and whitelist. address: IPv4 or IPV6 address
  • ban address address
    Add an IP address to the blacklist. address: IPv4 or IPV6 address
  • trust address address
    Add an IP address to the whitelist. address: IPv4 or IPV6 address
  • is address banned address
    Check if an IP address is banned. address: IPv4 or IPV6 address
  • forget peer peer
    Remove a peer ID from the blacklist and whitelist. peer: peer network identity
  • ban peer peer
    Add a peer ID to the blacklist. peer: peer network identity
  • trust peer peer
    Add a peer ID to the whitelist. peer: peer network identity
  • is peer banned peer
    Check if a peer ID is banned. peer: peer network identity
  • clear acls
    Clear all ACLs.

Commands to perform privileged operations on the node

  • unmark invalid [block...]
    Make the node forget its decision of rejecting a block. block: block to remove from invalid list

Commands to report the node's status

  • list heads [-o --output <path>]
    The last heads that have been considered by the node. -o --output <path>: write to a file Defaults to `-`.
  • list rejected blocks [-o --output <path>]
    The blocks that have been marked invalid by the node. -o --output <path>: write to a file Defaults to `-`.

Commands for editing and viewing the client's config file

  • config show
    Show the config file.
  • config reset
    Reset the config file to the factory defaults.
  • config update
    Update the config based on the current cli values. Loads the current configuration (default or as specified with `-config-file`), applies alterations from other command line arguments (such as the node's address, etc.), and overwrites the updated configuration file.
  • config init [-o --output <path>]
    Create a config file based on the current CLI values. If the `-file` option is not passed, this will initialize the default config file, based on default parameters, altered by other command line options (such as the node's address, etc.). Otherwise, it will create a new config file, based on the default parameters (or the the ones specified with `-config-file`), altered by other command line options. The command will always fail if the file already exists. -o --output <path>: path at which to create the file Defaults to `$HOME/.tezos-client/config`.

Miscellaneous commands

  • list understood protocols
    List the protocol versions that this client understands.

Signer manual

Usage

  • tezos-signer [global options] command [command options]
  • tezos-signer --help (for global options)
  • tezos-signer [global options] command --help (for command options)

To browse the documentation

  • tezos-signer [global options] man (for a list of commands)
  • tezos-signer [global options] man -v 3 (for the full manual)

Global options (must come before the command)

-d --base-dir <path>: signer data directory The directory where the Tezos client will store all its data. By default: '$HOME/.tezos-signer'. -A --require-authentication: Require a signature from the caller to sign.

Access the documentation

  • man [keyword...] [-v --verbosity <0|1|2|3>] [--format <plain|colors|html>]
    Print documentation of commands. Add search keywords to narrow list. Will display only the commands by default, unless [-verbosity <2|3>] is passed or the list of matching commands if less than 3. keyword: keyword to search for If several are given they must all appear in the command. -v --verbosity <0|1|2|3>: level of details 0. Only shows command mnemonics, without documentation. 1. Shows command mnemonics with short descriptions. 2. Show commands and arguments with short descriptions 3. Show everything --format <plain|colors|html>: the manual's output format Defaults to `plain`.

Commands specific to the signing daemon

  • launch socket signer [-M --magic-bytes <0xHH,0xHH,...>] [-a --address <host|address>] [-p --port <port number>]
    Launch a signer daemon over a TCP socket. -M --magic-bytes <0xHH,0xHH,...>: values allowed for the magic bytes, defaults to any -a --address <host|address>: listening address or host name Defaults to `localhost`. -p --port <port number>: listening TCP port or service name Defaults to `7732`.
  • launch local signer [-M --magic-bytes <0xHH,0xHH,...>] [-s --socket <path>]
    Launch a signer daemon over a local Unix socket. -M --magic-bytes <0xHH,0xHH,...>: values allowed for the magic bytes, defaults to any -s --socket <path>: path to the local socket file Defaults to `$HOME/.tezos-signer/socket`.
  • launch http signer [-M --magic-bytes <0xHH,0xHH,...>] [-a --address <host|address>] [-p --port <port number>]
    Launch a signer daemon over HTTP. -M --magic-bytes <0xHH,0xHH,...>: values allowed for the magic bytes, defaults to any -a --address <host|address>: listening address or host name Defaults to `localhost`. -p --port <port number>: listening HTTP port Defaults to `6732`.
  • launch https signer cert key [-M --magic-bytes <0xHH,0xHH,...>] [-a --address <host|address>] [-p --port <port number>]
    Launch a signer daemon over HTTPS. cert: path to th TLS certificate key: path to th TLS key -M --magic-bytes <0xHH,0xHH,...>: values allowed for the magic bytes, defaults to any -a --address <host|address>: listening address or host name Defaults to `localhost`. -p --port <port number>: listening HTTPS port Defaults to `443`.
  • add authorized key pk [-N --name <name>]
    Authorize a given public key to perform signing requests. pk: full public key (Base58 encoded) -N --name <name>: an optional name for the key (defaults to the hash)

Commands for managing the connected Ledger Nano S devices

  • list connected ledgers
    List supported Ledger Nano S devices connected.
  • show ledger path uri
    Show BIP32 derivation at path for Ledger uri: secret key Varies from one scheme to the other. Use command `list signing schemes` for more information.
  • authorize ledger to bake for name
    Authorize a Ledger to bake for a key name: existing public_key alias
  • get ledger high watermark for uri
    Get high water mark of a Ledger uri: secret key Varies from one scheme to the other. Use command `list signing schemes` for more information.
  • set ledger high watermark for uri to high watermark
    Set high water mark of a Ledger uri: secret key Varies from one scheme to the other. Use command `list signing schemes` for more information. high watermark: High watermark

Commands for managing the wallet of cryptographic keys

  • list signing schemes
    List supported signing schemes. Signing schemes are identifiers for signer modules: the built-in signing routines, a hardware wallet, an external agent, etc. Each signer has its own format for describing secret keys, such a raw secret key for the default `unencrypted` scheme, the path on a hardware security module, an alias for an external agent, etc. This command gives the list of signer modules that this version of the tezos client supports.
  • gen keys new [-f --force] [-s --sig <ed25519|secp256k1|p256>] [--encrypted]
    Generate a pair of keys. new: new secret_key alias -f --force: overwrite existing secret_key -s --sig <ed25519|secp256k1|p256>: use custom signature algorithm Defaults to `ed25519`. --encrypted: Encrypt the key on-disk
  • gen vanity keys new matching [words...] [-P --prefix] [-f --force] [--encrypted]
    Generate keys including the given string. new: new public key hash alias words: string key must contain one of these words -P --prefix: the key must begin with tz1[word] -f --force: overwrite existing keys --encrypted: Encrypt the key on-disk
  • import secret key new uri [-f --force]
    Add a secret key to the wallet. new: new secret_key alias uri: secret key Varies from one scheme to the other. Use command `list signing schemes` for more information. -f --force: overwrite existing secret_key
  • import public key new uri [-f --force]
    Add a public key to the wallet. new: new public_key alias uri: public key Varies from one scheme to the other. Use command `list signing schemes` for more information. -f --force: overwrite existing public_key
  • add address new src [-f --force]
    Add an address to the wallet. new: new public key hash alias src: source public key hash Can be a public key hash name, a file or a raw public key hash literal. If the parameter is not the name of an existing public key hash, the client will look for a file containing a public key hash, and if it does not exist, the argument will be read as a raw public key hash. Use 'alias:name', 'file:path' or 'text:literal' to disable autodetect. -f --force: overwrite existing public_key
  • list known addresses
    List all addresses and associated keys.
  • show address name [-S --show-secret]
    Show the keys associated with an implicit account. name: existing public key hash alias -S --show-secret: show the private key
  • forget address name [-f --force]
    Forget one address. name: existing public key hash alias -f --force: delete associated keys when present
  • forget all keys [-f --force]
    Forget the entire wallet of keys. -f --force: you got to use the force for that

Baker manual

Endorser manual

Accuser manual