Set up a Client to Master Validation Fingerprint

In highly secure network configurations you may wish to ensure your Salt clients are connecting a specific master. To set up validation from client to master start by entering the master’s fingerprint within a Salt minion configuration file:

  • /etc/salt/minion.d/custom.conf in cases of using classic Salt minion in your client, or

  • /etc/venv-salt-minion/minion.d/custom.conf in case of using Salt Bundle in your client

and follow the procedure:

To access a shell inside the Server container run mgrctl term on the container host.

Procedure: Adding Master’s Fingerprint to Client
  1. On the master, at the command prompt, as root, use this command to find the fingerprint:

    salt-key -F master

    On your client, open the /etc/salt/minion.d/custom.conf or /etc/venv-salt-minion/minion.d/custom.conf configuration file. Add this line to enter the master’s fingerprint replacing the example fingerprint:

    master_finger: 'ba:30:65:2a:d6:9e:20:4f:d8:b2:f3:a7:d4:65:11:13'
  2. Restart the service. For salt-minion, run:

    systemctl restart salt-minion
  3. Or, for venv-salt-minion, run:

    systemctl restart venv-salt-minion

For more information about Salt Bundle, see Salt Bundle.

For information on configuring security from a client, see