salt.cache.localfs_key

Backward compatible shim layer for pki interaction

New in version 3008.0.

The localfs_key is a shim driver meant to allow the salt.cache subsystem to interact with the existing master pki folder/file structure without any migration from previous versions of salt. It is not meant for general purpose use and should not be used outside of the master auth system.

The main difference from before is the 'state' of the key, ie accepted/rejected is now stored in the data itself, as opposed to the cache equivalent of a bank previously.

store and fetch handle ETL from new style, where data itself contains key state, to old style, where folder and/or bank contain state. flush/list/contains/updated are left as nearly equivalent to localfs, without the .p file extension to work with legacy keys via banks.

salt.cache.localfs_key.contains(bank, key, cachedir, **kwargs)

Checks if the specified bank contains the specified key. Uses internal mmap index for O(1) performance when available.

salt.cache.localfs_key.fetch(bank, key, cachedir, **kwargs)

Fetch and construct state data for a given minion based on the bank and id

salt.cache.localfs_key.flush(bank, key=None, cachedir=None, **kwargs)

Remove the key from the cache bank with all the key content. flush can take a legacy bank or a keys/denied_keys modern bank

salt.cache.localfs_key.get_index_stats(opts)

Get statistics about the PKI index. Returns dict with stats or None if index unavailable.

salt.cache.localfs_key.init_kwargs(kwargs)

setup kwargs for cache functions

salt.cache.localfs_key.list_(bank, cachedir, **kwargs)

Return an iterable object containing all entries stored in the specified bank. Uses internal mmap index for O(1) performance when available.

salt.cache.localfs_key.list_all(bank, cachedir, include_data=False, **kwargs)

Return all entries with their data from the specified bank. This is much faster than calling list() + fetch() for each item. Returns a dict of {key: data}.

If include_data is False (default), only the state is returned for 'keys' bank, avoiding expensive file reads.

salt.cache.localfs_key.rebuild_index(opts)

Rebuild the PKI index from filesystem. Returns True on success, False on failure.

salt.cache.localfs_key.store(bank, key, data, cachedir, user, **kwargs)

Store key state information. storing a accepted/pending/rejected state means clearing it from the other 2. denied is handled separately

salt.cache.localfs_key.updated(bank, key, cachedir, **kwargs)

Return the epoch of the mtime for this cache file

Generated on April 29, 2026 at 18:59:07 UTC.

You are viewing docs built from a recent snapshot of the master branch. Switch to docs for the latest stable release, 3007.14.


saltproject.io

© 2026 VMware, Inc. | Privacy Policy