cw-trust - Clockwork Trust Database Utility


cw-trust [OPTIONS] --trust

cw-trust [OPTIONS] --revoke


Clockwork is a configuration management system designed to securely and correctly enforce configuration policies on lots of hosts.

It can ensure that files have the right attributes (owner, group, permissions, etc.) and content. It can maintain a specific set of installed packages, and even make sure that system user accounts exist.

cw-trust is a utility for managing a database of trusted Clockwork certificates, which is called a trust database, or just trustdb for short. It allows site administrators to trust or revoke certificates.

When clockd is running in security.strict mode, it will consult a trust database to determine if client cogd instances are trusted enough to receive potentially sensitive policy and configuration files.


-d, --database /path/to/trustdb

Specify the path to the trust database to update or create. If the file does not exist, it will be created for you.

Defaults to /etc/clockwork/certs/trusted.

-t, --trust

Add certificates given on the command line to the trust database. This is the default mode of cw-trust.

-r, --revoke

Remove the certificates given on the command line from the trust database, if they are currently trusted.


A trustdb is really just a list of the trusted certificates, each accounted for by public key (in hexadecimal encoding) and the identity of the certificate (for human consumption). The database files are simple text files that can be viewed and edited manually.

Here is an example database file:

417b7f7946b6c65db58e86c5a66cbc698dbd1b15492e29372f927cf91620947e other-host

Empty lines will be ignored, as will any line starting with the comment character, '#'. Keep in mind, however, that cw-trust will strip out all of the comments and reformat the trustdb.


clockwork(7), clockd(1), clockd.conf(5) and cogd.conf(5)


Clockwork was designed and written by James Hunt.

The Clockwork website is licensed under the Creative Commons Attribution-NoDerivs 3.0 United States License