preload

preload [options] subprocess ...
preload [options] pause
preload [options] exit

Loads keys into a module before an application is run in another session.

With no options, does nothing.

By default, keys protected by explicitly requested (or interactively loaded) cardsets will be loaded and FIPS auth will be loaded on all modules that it is easily available on.

The pause argument makes preload pause after loading keys or cardsets. This is useful to load keys in one session and use them in another.

The exit argument causes preload to exit immediately after loading keys or cardsets. This is useful to add to an existing preload session.

By default, preload files are placed in directories private to the user that creates them. If preload files are to be shared between users then the --preload-file option must be used to specify an alternative location.

All file paths supplied as options to preload must be surrounded by quotations to avoid ambiguity.

Option Description

Option	Description
Cardset selection options
`-c IDENT, --cardset=IDENT`	Load all cardsets matching `IDENT`. If `IDENT` looks like a hash it will be interpreted as that, otherwise it will be interpreted as a name. If it’s definitely a name, use `--cardset-name`.
`--cardset-name=NAME`	Loads cardset(s) named `NAME`.
`-i, --interactive`	Loads cardsets interactively until told to stop.
`-o, --any-one`	Loads a single cardset.
`-s IDENT, --softcard=IDENT`	Loads all softcards matching `IDENT`. If `IDENT` looks like a hash it will be interpreted as that, otherwise it will be interpreted as a name.
`--softcard-name=NAME`	Loads softcard(s) named `NAME`.
Key selection options
`-A APP, --appname=APP`	Chooses the appname `APP` for subsequent `-K` options.
`--admin=KEYS`	Loads admin keys listed as a comma-separated list, or loads all admin keys if the value for `KEYS` is set to `all`.
`-K PATTERN, --key-ident=PATTERN`	Loads keys with ident matching `PATTERN` from most recently chosen appname.
`--list-admin`	Lists available admin key names for `--admin`.
`-M, --module-prot`	Loads all module protected keys, in addition to any others requested.
`-n PATTERN, --name-pattern=PATTERN`	Loads keys with the name matching `PATTERN`.
`--name-exact=NAME`	Loads keys with the name `NAME`.
`--no-cardset-keys`	Doesn’t automatically load keys protected by requested tokens. This option has been superseded by the `--no-token-keys` option.
`--no-token-keys`	Doesn’t automatically load keys protected by requested tokens.
FIPS options
`-F, --require-fips`	Requires `FIPS-auth` to be loaded. Overrides a previous `-N`.
`-N, --no-fips`	Loads FIPS where required, but do not record `FIPS-auth`. Overrides a previous `-F`.
Loading options
`-f PRELOAD_FILE, --preload-file=PRELOAD_FILE`	Uses specified preloaded objects file, instead of the default.
`-H, --high-availability`	High availability mode.
`--polling-interval=POLLING_INTERVAL`	Interval in seconds between polls for changes to the module list. Default: `60`. High availability mode only.
`-R, --reload-everything`	Reloads keys and tokens that are already loaded.
`--show-key-info`	Displays key information for keys as they are loaded.
Logging options
`-l, --file-logging`	Enable log to file.
`--log-file=LOG_FILE`	The file destination for the log. Default: `preload_%pid.log` in the `nfast` log directory.
`--log-level=LOG_LEVEL`	The log level to log. One of DEBUG, INFO, WARNING, ERROR, CRITICAL. Default is INFO.
`-S, --no-stderr-logging`	Doesn’t log to `stderr`. Independent of file logging.
Module selection
`-m`, `--module=MODULE`	Specifies the number ID to use. If you only have one module, `MODULE` is `1`. If you do not specify a module ID, `preload` uses all modules by default.
Help options
`-h`, `--help`	Displays help for `preload`.
`--version`	Displays the version number of the Security World Software that deploys `preload`.

Cardset selection options

-c IDENT, --cardset=IDENT

Load all cardsets matching IDENT. If IDENT looks like a hash it will be interpreted as that, otherwise it will be interpreted as a name. If it’s definitely a name, use --cardset-name.

--cardset-name=NAME

Loads cardset(s) named NAME.

-i, --interactive

Loads cardsets interactively until told to stop.

-o, --any-one

Loads a single cardset.

-s IDENT, --softcard=IDENT

Loads all softcards matching IDENT. If IDENT looks like a hash it will be interpreted as that, otherwise it will be interpreted as a name.

--softcard-name=NAME

Loads softcard(s) named NAME.

Key selection options

-A APP, --appname=APP

Chooses the appname APP for subsequent -K options.

--admin=KEYS

Loads admin keys listed as a comma-separated list, or loads all admin keys if the value for KEYS is set to all.

-K PATTERN, --key-ident=PATTERN

Loads keys with ident matching PATTERN from most recently chosen appname.

--list-admin

Lists available admin key names for --admin.

-M, --module-prot

Loads all module protected keys, in addition to any others requested.

-n PATTERN, --name-pattern=PATTERN

Loads keys with the name matching PATTERN.

--name-exact=NAME

Loads keys with the name NAME.

--no-cardset-keys

Doesn’t automatically load keys protected by requested tokens. This option has been superseded by the --no-token-keys option.

--no-token-keys

Doesn’t automatically load keys protected by requested tokens.

FIPS options

-F, --require-fips

Requires FIPS-auth to be loaded. Overrides a previous -N.

-N, --no-fips

Loads FIPS where required, but do not record FIPS-auth. Overrides a previous -F.

Loading options

-f PRELOAD_FILE, --preload-file=PRELOAD_FILE

Uses specified preloaded objects file, instead of the default.

-H, --high-availability

High availability mode.

--polling-interval=POLLING_INTERVAL

Interval in seconds between polls for changes to the module list.
Default: 60.
High availability mode only.

-R, --reload-everything

Reloads keys and tokens that are already loaded.

--show-key-info

Displays key information for keys as they are loaded.

Logging options

-l, --file-logging

Enable log to file.

--log-file=LOG_FILE

The file destination for the log. Default: preload_%pid.log in the nfast log directory.

--log-level=LOG_LEVEL

The log level to log. One of DEBUG, INFO, WARNING, ERROR, CRITICAL. Default is INFO.

-S, --no-stderr-logging

Doesn’t log to stderr. Independent of file logging.

Module selection

-m, --module=MODULE

Specifies the number ID to use.
If you only have one module, MODULE is 1.
If you do not specify a module ID, preload uses all modules by default.

Help options

-h, --help

Displays help for preload.

--version

Displays the version number of the Security World Software that deploys preload.

Pattern matching in preload commands

Options to preload that use pattern matching can accept the following wildcards:

*	Everything
?	A single character
[seq]	Any character in seq
[!seq]	Any character not in seq

Always surround arguments containing wildcards with quotations.