Command Line Interface

This document is a prettier output of the documentation produced by the command line client’s man command. You can obtain similar pages using the following shell commands.

tezos-client -protocol ProtoALphaALph man -verbosity 3
tezos-admin-client man -verbosity 3

Client manual

Admin-client manual

Usage

  • tezos-admin-client [global options] command [command options]
  • tezos-admin-client --help (for global options)
  • tezos-admin-client [global options] command --help (for command options)

To browse the documentation

  • tezos-admin-client [global options] man (for a list of commands)
  • tezos-admin-client [global options] man -v 3 (for the full manual)

Global options (must come before the command)

  • -d --base-dir <path>: client data directory
    The directory where the Tezos client will store all its data. By default: '$HOME/.tezos-client'.
  • -c --config-file <path>: configuration file
  • -t --timings: show RPC request times
  • --chain <hash|tag>: chain on which to apply contextual commands (possible tags are 'main' and 'test')
    Defaults to `main`.
  • -b --block <hash|tag>: block on which to apply contextual commands (possible tags are 'head' and 'genesis')
    Defaults to `head`.
  • -w --wait <none|<int>>: how many confirmation blocks to wait for before considering an operation as included
  • -p --protocol <hash>: use commands of a specific protocol
  • -l --log-requests: log all requests to the node
  • -A --addr <IP addr|host>: IP address of the node
  • -P --port <number>: RPC port of the node
  • -S --tls: use TLS to connect to node.
  • -R --remote-signer <uri>: URI of the remote signer
  • -f --password-filename <filename>: path to the password filename

Access the documentation

  • man [keyword...] [-v --verbosity <0|1|2|3>] [--format <plain|colors|html>]
    Print documentation of commands. Add search keywords to narrow list. Will display only the commands by default, unless [-verbosity <2|3>] is passed or the list of matching commands if less than 3.
      keyword: keyword to search for
        If several are given they must all appear in the command.
      -v --verbosity <0|1|2|3>: level of details
        0. Only shows command mnemonics, without documentation.
        1. Shows command mnemonics with short descriptions.
        2. Show commands and arguments with short descriptions
        3. Show everything
      --format <plain|colors|html>: the manual's output format
        Defaults to `plain`.

Commands to inspect the event-logging framework

  • query events from Sink-Name [--names <LIST>] [--sections <LIST>] [--since <DATE>] [--until <DATE>] [--as-json] [--dump-unknown] [--for-script <FORMAT>]
    Query the events from an event sink.
      Sink-Name: The URI of the SINK to query
      --names <LIST>: Filter on event names
      --sections <LIST>: Filter on event sections (use '_' for no-section)
      --since <DATE>: Filter out events before DATE
      --until <DATE>: Filter out events after DATE
      --as-json: Display events as JSON instead of pretty-printing them
      --dump-unknown: Try to display unknown events
      --for-script <FORMAT>: Make the output script-friendly
  • show event-logging
    Display configuration/state information about the internal-event logging framework.
  • output schema of Event-Name to File-path
    Output the JSON schema of an internal-event.
      Event-Name: Name of the event
      File-path: Path to a JSON file

Commands for the low level RPC layer

  • rpc list url
    List RPCs under a given URL prefix. Some parts of the RPC service hierarchy depend on parameters; they are marked by a suffix `<dynamic>`. You can list these sub-hierarchies by providing a concrete URL prefix whose arguments are set to a valid value.
      url: the URL prefix
  • rpc list
    Alias to `rpc list /`.
  • rpc schema HTTP method url
    Get the input and output JSON schemas of an RPC.
      HTTP method:
      url: the RPC URL
  • rpc format HTTP method url [-b --binary]
    Get the human-readable input and output formats of an RPC.
      HTTP method:
      url: the RPC URL
      -b --binary: Binary format
  • rpc get url
    Call an RPC with the GET method.
      url: the RPC URL
  • rpc post url
    Call an RPC with the POST method. It invokes $EDITOR if input data is needed.
      url: the RPC URL
  • rpc post url with input
    Call an RPC with the POST method, providing input data via the command line.
      url: the RPC URL
      input: the raw JSON input to the RPC
        For instance, use `{}` to send the empty document. Alternatively, use `file:path` to read the JSON data from a file.
  • rpc put url
    Call an RPC with the PUT method. It invokes $EDITOR if input data is needed.
      url: the RPC URL
  • rpc put url with input
    Call an RPC with the PUT method, providing input data via the command line.
      url: the RPC URL
      input: the raw JSON input to the RPC
        For instance, use `{}` to send the empty document. Alternatively, use `file:path` to read the JSON data from a file.
  • rpc delete url
    Call an RPC with the DELETE method.
      url: the RPC URL

Commands for managing protocols

  • list protocols
    List protocols known by the node.
  • inject protocol dir
    Inject a new protocol into the node.
      dir: directory containing the sources of a protocol
  • dump protocol protocol hash
    Dump a protocol from the node's record of protocol.
      protocol hash:
  • fetch protocol protocol hash
    Fetch a protocol from the network.
      protocol hash: A Tezos protocol ID

Commands for monitoring and controlling p2p-layer state

  • p2p stat
    Show global network status.
  • connect address address
    Connect to a new point.
      address: <IPv4>:PORT or <IPV6>:PORT address (PORT defaults to 9732).
  • kick peer peer
    Kick a peer.
      peer: peer network identity
  • ban address address
    Add an IP address and all its ports to the blacklist and kick it. Remove the address from the whitelist if it was previously in it.
      address: <IPv4>:PORT or <IPV6>:PORT address (PORT defaults to 9732).
  • unban address address
    Remove an IP address and all its ports from the blacklist.
      address: <IPv4>:PORT or <IPV6>:PORT address (PORT defaults to 9732).
  • trust address address
    Add an IP address to the whitelist. Remove the address from the blacklist if it was previously in it.
      address: <IPv4>:PORT or <IPV6>:PORT address (PORT defaults to 9732).
  • untrust address address
    Remove an IP address from the whitelist.
      address: <IPv4>:PORT or <IPV6>:PORT address (PORT defaults to 9732).
  • is address banned address
    Check if an IP address is banned.
      address: <IPv4>:PORT or <IPV6>:PORT address (PORT defaults to 9732).
  • is peer banned peer
    Check if a peer ID is banned.
      peer: peer network identity
  • ban peer peer
    Add a peer ID to the blacklist and kick it. Remove the peer ID from the blacklist if it was previously in it.
      peer: peer network identity
  • unban peer peer
    Remove a peer ID from the blacklist.
      peer: peer network identity
  • trust peer peer
    Add a peer ID to the whitelist. Remove the peer ID from the blacklist if it was previously in it.
      peer: peer network identity
  • untrust peer peer
    Remove a peer ID from the whitelist.
      peer: peer network identity
  • clear acls
    Clear all access control rules.

Commands to perform privileged operations on the node

  • unmark invalid [block...]
    Make the node forget its decision of rejecting blocks.
      block: blocks to remove from invalid list
  • unmark all invalid blocks
    Make the node forget every decision of rejecting blocks.
  • show current checkpoint
    Retrieve the current checkpoint and display it in a format compatible with node argument `--checkpoint`.

Commands to report the node's status

  • list heads [-o --output <path>]
    The last heads that have been considered by the node.
      -o --output <path>: write to a file
        Defaults to `-`.
  • list rejected blocks [-o --output <path>]
    The blocks that have been marked invalid by the node.
      -o --output <path>: write to a file
        Defaults to `-`.

Commands for editing and viewing the client's config file

  • config show
    Show the config file.
  • config reset
    Reset the config file to the factory defaults.
  • config update
    Update the config based on the current cli values. Loads the current configuration (default or as specified with `-config-file`), applies alterations from other command line arguments (such as the node's address, etc.), and overwrites the updated configuration file.
  • config init [-o --output <path>]
    Create a config file based on the current CLI values. If the `-file` option is not passed, this will initialize the default config file, based on default parameters, altered by other command line options (such as the node's address, etc.). Otherwise, it will create a new config file, based on the default parameters (or the ones specified with `-config-file`), altered by other command line options. The command will always fail if the file already exists.
      -o --output <path>: path at which to create the file
        Defaults to `$HOME/.tezos-client/config`.

Miscellaneous commands

  • list understood protocols
    List the protocol versions that this client understands.

Signer manual

Usage

  • tezos-signer [global options] command [command options]
  • tezos-signer --help (for global options)
  • tezos-signer [global options] command --help (for command options)

To browse the documentation

  • tezos-signer [global options] man (for a list of commands)
  • tezos-signer [global options] man -v 3 (for the full manual)

Global options (must come before the command)

  • -d --base-dir <path>: signer data directory
    The directory where the Tezos client will store all its data. By default: '$HOME/.tezos-signer'.
  • -A --require-authentication: Require a signature from the caller to sign.
  • -f --password-file <filename>: Absolute path of the password file

Access the documentation

  • man [keyword...] [-v --verbosity <0|1|2|3>] [--format <plain|colors|html>]
    Print documentation of commands. Add search keywords to narrow list. Will display only the commands by default, unless [-verbosity <2|3>] is passed or the list of matching commands if less than 3.
      keyword: keyword to search for
        If several are given they must all appear in the command.
      -v --verbosity <0|1|2|3>: level of details
        0. Only shows command mnemonics, without documentation.
        1. Shows command mnemonics with short descriptions.
        2. Show commands and arguments with short descriptions
        3. Show everything
      --format <plain|colors|html>: the manual's output format
        Defaults to `plain`.

Commands specific to the signing daemon

  • launch socket signer [-P --pidfile <filename>] [-M --magic-bytes <0xHH,0xHH,...>] [-W --check-high-watermark] [-a --address <host|address>] [-p --port <port number>]
    Launch a signer daemon over a TCP socket.
      -P --pidfile <filename>: write process id in file
      -M --magic-bytes <0xHH,0xHH,...>: values allowed for the magic bytes, defaults to any
      -W --check-high-watermark: high watermark restriction
        Stores the highest level signed for blocks and endorsements for each address, and afterwards refuses to sign a level that is lower or equal, except for the exact same input data.
      -a --address <host|address>: listening address or host name
        Defaults to `localhost`.
      -p --port <port number>: listening TCP port or service name
        Defaults to `7732`.
  • launch local signer [-P --pidfile <filename>] [-M --magic-bytes <0xHH,0xHH,...>] [-W --check-high-watermark] [-s --socket <path>]
    Launch a signer daemon over a local Unix socket.
      -P --pidfile <filename>: write process id in file
      -M --magic-bytes <0xHH,0xHH,...>: values allowed for the magic bytes, defaults to any
      -W --check-high-watermark: high watermark restriction
        Stores the highest level signed for blocks and endorsements for each address, and afterwards refuses to sign a level that is lower or equal, except for the exact same input data.
      -s --socket <path>: path to the local socket file
        Defaults to `$HOME/.tezos-signer/socket`.
  • launch http signer [-P --pidfile <filename>] [-M --magic-bytes <0xHH,0xHH,...>] [-W --check-high-watermark] [-a --address <host|address>] [-p --port <port number>]
    Launch a signer daemon over HTTP.
      -P --pidfile <filename>: write process id in file
      -M --magic-bytes <0xHH,0xHH,...>: values allowed for the magic bytes, defaults to any
      -W --check-high-watermark: high watermark restriction
        Stores the highest level signed for blocks and endorsements for each address, and afterwards refuses to sign a level that is lower or equal, except for the exact same input data.
      -a --address <host|address>: listening address or host name
        Defaults to `localhost`.
      -p --port <port number>: listening HTTP port
        Defaults to `6732`.
  • launch https signer cert key [-P --pidfile <filename>] [-M --magic-bytes <0xHH,0xHH,...>] [-W --check-high-watermark] [-a --address <host|address>] [-p --port <port number>]
    Launch a signer daemon over HTTPS.
      cert: path to the TLS certificate
      key: path to the TLS key
      -P --pidfile <filename>: write process id in file
      -M --magic-bytes <0xHH,0xHH,...>: values allowed for the magic bytes, defaults to any
      -W --check-high-watermark: high watermark restriction
        Stores the highest level signed for blocks and endorsements for each address, and afterwards refuses to sign a level that is lower or equal, except for the exact same input data.
      -a --address <host|address>: listening address or host name
        Defaults to `localhost`.
      -p --port <port number>: listening HTTPS port
        Defaults to `443`.
  • add authorized key pk [-N --name <name>]
    Authorize a given public key to perform signing requests.
      pk: full public key (Base58 encoded)
      -N --name <name>: an optional name for the key (defaults to the hash)
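
An added example, not code from the Tezos project: a small Python model of the `--magic-bytes` allow-list and the `--check-high-watermark` rule described for the `launch ... signer` commands above, including the "exact same input data" exception and persistence across restarts. The class and function names, the JSON store, the magic byte being the first payload byte, one watermark per address and magic byte, and the caller-supplied level are assumptions made for illustration; all payloads and byte values are constructed samples.

```python
import hashlib
import json
import os
import tempfile


class SignerPolicy:
    """Toy model of the -M (magic bytes) and -W (high watermark) checks."""

    def __init__(self, store_path, allowed_magic=None):
        self.store_path = store_path
        # None mirrors the documented default: any magic byte is accepted.
        self.allowed_magic = None if allowed_magic is None else set(allowed_magic)
        self.marks = {}
        if os.path.exists(store_path):
            with open(store_path) as fh:
                self.marks = json.load(fh)

    def _save(self):
        tmp = self.store_path + ".tmp"
        with open(tmp, "w") as fh:
            json.dump(self.marks, fh)
        os.replace(tmp, self.store_path)  # atomic swap, no truncated store

    def authorize(self, address, data, level):
        """Return (allowed, reason); `level` is parsed by the caller (assumption)."""
        if not data:
            return False, "empty payload"
        magic = data[0]  # assumption: the magic byte is the first payload byte
        if self.allowed_magic is not None and magic not in self.allowed_magic:
            return False, "magic byte 0x%02x not allowed" % magic
        key = "%s/0x%02x" % (address, magic)  # assumption: one mark per address and kind
        digest = hashlib.sha256(data).hexdigest()
        mark = self.marks.get(key)
        if mark is not None and level <= mark["level"]:
            if level == mark["level"] and digest == mark["digest"]:
                return True, "same data re-signed at watermark"
            return False, "level %d is not above watermark %d" % (level, mark["level"])
        self.marks[key] = {"level": level, "digest": digest}
        self._save()  # persist the new mark before a signature would be released
        return True, "watermark raised"


def demo():
    """Run constructed requests through the policy; return the allow/deny decisions."""
    path = os.path.join(tempfile.mkdtemp(), "watermarks.json")
    policy = SignerPolicy(path, allowed_magic=[0x01, 0x02])  # sample allow-list
    first = b"\x01constructed payload, level 100, variant A"
    other = b"\x01constructed payload, level 100, variant B"
    results = [
        policy.authorize("tz1-constructed", first, 100)[0],  # first signature
        policy.authorize("tz1-constructed", first, 100)[0],  # identical retry
        policy.authorize("tz1-constructed", other, 100)[0],  # same level, new data
        policy.authorize("tz1-constructed", other, 99)[0],   # lower level
        policy.authorize("tz1-constructed", b"\x03constructed", 1)[0],  # filtered byte
    ]
    restarted = SignerPolicy(path, allowed_magic=[0x01, 0x02])  # reloads the store
    results.append(restarted.authorize("tz1-constructed", other, 100)[0])
    return results
```

Because this model keeps only the highest mark per key, it can recognise a repeat of the data signed at the watermark level but not of data signed at earlier levels.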

Commands for managing the wallet of cryptographic keys

  • list signing schemes
    List supported signing schemes. Signing schemes are identifiers for signer modules: the built-in signing routines, a hardware wallet, an external agent, etc. Each signer has its own format for describing secret keys, such as a raw secret key for the default `unencrypted` scheme, the path on a hardware security module, an alias for an external agent, etc. This command gives the list of signer modules that this version of the tezos client supports.
  • gen keys new [-f --force] [-s --sig <ed25519|secp256k1|p256>] [--encrypted]
    Generate a pair of keys.
      new: new secret_key alias
      -f --force: overwrite existing secret_key
      -s --sig <ed25519|secp256k1|p256>: use custom signature algorithm
        Defaults to `ed25519`.
      --encrypted: Encrypt the key on-disk
  • gen vanity keys new matching [words...] [-P --prefix] [-f --force] [--encrypted]
    Generate keys including the given string.
      new: new public key hash alias
      words: string key must contain one of these words
      -P --prefix: the key must begin with tz1[word]
      -f --force: overwrite existing keys
      --encrypted: Encrypt the key on-disk
  • encrypt secret key
    Encrypt an unencrypted secret key.
  • import secret key new uri [-f --force]
    Add a secret key to the wallet.
      new: new secret_key alias
      uri: secret key
        Varies from one scheme to the other. Use command `list signing schemes` for more information.
      -f --force: overwrite existing secret_key
  • import public key new uri [-f --force]
    Add a public key to the wallet.
      new: new public_key alias
      uri: public key
        Varies from one scheme to the other. Use command `list signing schemes` for more information.
      -f --force: overwrite existing public_key
  • add address new src [-f --force]
    Add an address to the wallet.
      new: new public key hash alias
      src: source public key hash
        Can be a public key hash name, a file or a raw public key hash literal. If the parameter is not the name of an existing public key hash, the client will look for a file containing a public key hash, and if it does not exist, the argument will be read as a raw public key hash. Use 'alias:name', 'file:path' or 'text:literal' to disable autodetect.
      -f --force: overwrite existing public_key
  • list known addresses
    List all addresses and associated keys.
  • show address name [-S --show-secret]
    Show the keys associated with an implicit account.
      name: existing public key hash alias
      -S --show-secret: show the private key
  • forget address name [-f --force]
    Forget one address.
      name: existing public key hash alias
      -f --force: delete associated keys when present
  • forget all keys [-f --force]
    Forget the entire wallet of keys.
      -f --force: you got to use the force for that
  • generate nonce for name from data
    Compute deterministic nonce.
      name: existing public key hash alias
      data: string from which to deterministically generate the nonce
  • generate nonce hash for name from data
    Compute deterministic nonce hash.
      name: existing public key hash alias
      data: string from which to deterministically generate the nonce hash

Commands for managing the connected Ledger Nano S devices

  • list connected ledgers
    List supported Ledger Nano S devices connected.
  • show ledger account-alias-or-ledger-uri [--test-sign]
    Display version/public-key/address information for a Ledger URI.
      account-alias-or-ledger-uri: An imported ledger alias or a ledger URI (e.g. "ledger://animal/curve/path").
      --test-sign: Test signing operation
  • get ledger authorized path for account-alias-or-ledger-uri
    Query the path of the authorized key.
      account-alias-or-ledger-uri: An imported ledger alias or a ledger URI (e.g. "ledger://animal/curve/path").
  • authorize ledger to bake for account-alias-or-ledger-uri
    Authorize a Ledger to bake for a key (deprecated, use `setup ledger ...` with recent versions of the Baking app).
      account-alias-or-ledger-uri: An imported ledger alias or a ledger URI (e.g. "ledger://animal/curve/path").
  • setup ledger to bake for account-alias-or-ledger-uri [--main-chain-id <ID>] [--main-hwm <HWM>] [--test-hwm <HWM>]
    Setup a Ledger to bake for a key.
      account-alias-or-ledger-uri: An imported ledger alias or a ledger URI (e.g. "ledger://animal/curve/path").
      --main-chain-id <ID>: Use <ID> as main chain-id instead of asking the node.
        Defaults to `ASK-NODE`.
      --main-hwm <HWM>: Use <HWM> as main chain high watermark instead of asking the ledger.
        Defaults to `ASK-LEDGER`.
      --test-hwm <HWM>: Use <HWM> as test chain high watermark instead of asking the ledger.
        Defaults to `ASK-LEDGER`.
  • deauthorize ledger baking for account-alias-or-ledger-uri
    Deauthorize Ledger from baking.
      account-alias-or-ledger-uri: An imported ledger alias or a ledger URI (e.g. "ledger://animal/curve/path").
  • get ledger high water mark for account-alias-or-ledger-uri [--no-legacy-instructions]
    Get high water mark of a Ledger.
      account-alias-or-ledger-uri: An imported ledger alias or a ledger URI (e.g. "ledger://animal/curve/path").
      --no-legacy-instructions: Prevent the fallback to the (deprecated) Ledger instructions (for 1.x.y versions of the Baking app)
  • set ledger high water mark for account-alias-or-ledger-uri to high watermark
    Set high water mark of a Ledger.
      account-alias-or-ledger-uri: An imported ledger alias or a ledger URI (e.g. "ledger://animal/curve/path").
      high watermark: High watermark
  • get ledger high watermark for account-alias-or-ledger-uri [--no-legacy-instructions]
    Get high water mark of a Ledger (legacy/deprecated spelling).
      account-alias-or-ledger-uri: An imported ledger alias or a ledger URI (e.g. "ledger://animal/curve/path").
      --no-legacy-instructions: Prevent the fallback to the (deprecated) Ledger instructions (for 1.x.y versions of the Baking app)
  • set ledger high watermark for account-alias-or-ledger-uri to high watermark
    Set high water mark of a Ledger (legacy/deprecated spelling).
      account-alias-or-ledger-uri: An imported ledger alias or a ledger URI (e.g. "ledger://animal/curve/path").
      high watermark: High watermark

Baker manual

Endorser manual

Accuser manual