# Install ykman with Homebrew

Tool for managing your YubiKey configuration. Version 5.9.2 via Homebrew; verified 2026-07-01.

## Install

```sh
sudo av install brew:ykman
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install ykman
```

  Evidence: local Homebrew formula metadata

## Package facts

- **Package key:** brew:ykman
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/ykman>
- **Version:** 5.9.2
- **Source summary:** Tool for managing your YubiKey configuration
- **Homepage:** <https://developers.yubico.com/yubikey-manager/>
- **Repository:** <https://github.com/Yubico/yubikey-manager>
- **Upstream docs:** <https://developers.yubico.com/yubikey-manager>
- **License:** BSD-2-Clause
- **Source archive:** <https://files.pythonhosted.org/packages/1f/ab/5b0671484bcdac6cf383ba6682626ab23478889fab5fe7a1744ed78a33c4/yubikey_manager-5.9.2.tar.gz>
- **Last updated:** 2026-07-01T17:34:10Z
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- ykman (cli)
- ykman (alias)

## Dependencies

- cryptography
- python@3.14

## Build dependencies

- cmake
- swig

## Uses from macOS

- pcsc-lite

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 5.9.2
- Package-manager updated: 2026-07-01
- Local data: ok
- Upstream repository: https://developers.yubico.com/yubikey-manager/
- info: Release/tag comparison is only available for GitHub repositories.
## Project history and usage

YubiKey Manager CLI, usually run as `ykman`, is Yubico's maintained command-line and Python-library interface for configuring modern YubiKeys. It sits at the center of the current YubiKey administration stack because it manages multiple applications on the same hardware token, including FIDO, OATH, OpenPGP, OTP, and PIV.

### Project history

The GitHub repository for yubikey-manager was created on 2016-07-04, after Yubico already had older, narrower tools for OTP personalization and related YubiKey tasks. The project consolidated YubiKey administration into a Python CLI/library that can talk to a YubiKey over the relevant USB interfaces instead of being limited to the original OTP personalization workflow.

Yubico's current developer page describes YubiKey Manager CLI as a Python 3.10-or-later library and command-line tool for configuring a YubiKey, and points GUI users to Yubico Authenticator. The separate user guide describes it as an advanced cross-platform tool and the premier CLI for advanced management of YubiKey applications.

### Adoption history

`ykman` became the practical successor for day-to-day YubiKey configuration as YubiKeys expanded beyond OTP into FIDO2/WebAuthn, PIV smart-card certificates, OATH credentials, OpenPGP, and other applets. Its Homebrew, MacPorts, pip/pipx/uv, Windows installer, Linux package, and FreeBSD port paths reflect a tool meant for developers, admins, and security teams rather than only one operating system.

In the YubiKey ecosystem, adoption is also explained by deprecation pressure: Yubico has announced end-of-life dates for the older YubiKey Personalization package, while YubiKey Manager continues to track newer firmware and application capabilities.

### How it is used

Typical usage starts with `ykman list` or `ykman info`, then moves into application-specific subcommands such as `ykman fido`, `ykman oath`, `ykman openpgp`, `ykman otp`, and `ykman piv`. It is used to inspect tokens, configure applications, manage credentials or certificates, reset applets, and script YubiKey fleet setup from a terminal.

Package users should think of `ykman` as hardware administration tooling, not a passive client: commands can change security-sensitive state on a physical token, and some platforms require USB HID, smart-card, or input-monitoring permissions for particular YubiKey interfaces.

### Why package nerds care

`ykman` is package-nerd significant because it is where modern hardware-token support becomes ordinary package-manager plumbing: a Python CLI, platform-specific USB and smart-card access, shell completion, native installers, and OS packages all wrap one small executable that configures real cryptographic hardware.

It also shows the maintenance arc of security-device tooling. Old single-purpose C utilities remain historically important, but the package that users now expect to install is the cross-application manager that follows current firmware and authentication standards.

### Timeline

- 2016-07-04: Yubico creates the yubikey-manager GitHub repository.
- 2020s: YubiKey Manager CLI becomes Yubico's documented advanced cross-platform CLI for current YubiKey applications.
- 2025-02-19: Yubico announces end of life for the older YubiKey Personalization package, strengthening `ykman` as the maintained path for newer YubiKey management.
- 2026: Yubico documentation describes ykman as supporting features of current YubiKey firmware and applications including FIDO2, PIV, OTP, OpenPGP, OATH, Security Domain, and YubiHSM Auth.

### Related projects

- YubiKey Personalization / ykpers is the older OTP-focused personalization library and CLI.
- Yubico Authenticator is Yubico's GUI-oriented application for users who do not want the CLI.
- Related Yubico tools and protocols include yubico-c, libfido2, python-fido2, PIV, OpenPGP, OATH, YubiOTP, FIDO2, and WebAuthn.

### Sources

- <https://api.github.com/repos/Yubico/yubikey-manager>
- <https://developers.yubico.com/yubikey-manager/>
- <https://developers.yubico.com/yubikey-personalization/>
- <https://docs.yubico.com/software/yubikey/tools/ykman/intro.html>
- <https://github.com/Yubico/yubikey-manager>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** ykman
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable


## Related links

- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Text processing packages](https://www.automicvault.com/pkg/text-processing-tools/) - Matched text, document, or structured-data processing metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [python@3.14](https://www.automicvault.com/pkg/brew/python-3-14/) - Runtime dependency declared by Homebrew.
- [cmake](https://www.automicvault.com/pkg/brew/cmake/) - Build dependency declared by Homebrew.
- [swig](https://www.automicvault.com/pkg/brew/swig/) - Build dependency declared by Homebrew.
- [ykpers](https://www.automicvault.com/pkg/brew/ykpers/) - Shares av.db curated category or tags: cli, hardware-tokens, security, yubikey.
- [yubikey-agent](https://www.automicvault.com/pkg/brew/yubikey-agent/) - Shares av.db curated category or tags: cli, hardware-token, security, yubikey.
- [tkey-ssh-agent](https://www.automicvault.com/pkg/brew/tkey-ssh-agent/) - Shares av.db curated category or tags: cli, hardware-token, security.
- [yubico-piv-tool](https://www.automicvault.com/pkg/brew/yubico-piv-tool/) - Shares av.db curated category or tags: cli, security, yubikey.
- [age-plugin-yubikey](https://www.automicvault.com/pkg/brew/age-plugin-yubikey/) - Shares av.db curated category or tags: cli, security, yubikey.
- [aide](https://www.automicvault.com/pkg/brew/aide/) - Shares av.db curated category or tags: cli, security.
- [aircrack-ng](https://www.automicvault.com/pkg/brew/aircrack-ng/) - Shares av.db curated category or tags: cli, security.
- [amass](https://www.automicvault.com/pkg/brew/amass/) - Shares av.db curated category or tags: cli, security.
- [pam-u2f](https://www.automicvault.com/pkg/brew/pam-u2f/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, hardware, hardware-token, security, token.

## Combined YAML source

View the package source record on GitHub. [combined/ykman.yml](https://github.com/automic-vault/db/blob/main/combined/ykman.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- cross-ecosystem install command graph
