How To Generate YubiKey Configurations in Bulk

To enroll multiple YubiKeys at once, follow these instructions. 

Important:  Remove any YubiKey from your system that you do not want to program.  This process will clear any keys that are inserted while running so be careful not to overwrite existing keys.

  1. Open the YubiKey Personalization Tool

  2. Open Settings.  Under Logging Settings enabled the checkbox for Log configuration output, then select Flexible format from the drop-down box.  Enter the format exactly as shown: {serial},{pvtIdTxt},{secretKeyTxt}


  1. Select Yubico OTP from the top menu.

  2. Select Advanced

  3. If these are new keys that will be used mainly for UCB purposes then select to configure Configuration Slot 1.

    1. If the keys are already configured to use online Yubico services, then select to configure Configuration Slot 2.

  4. Select Program Multiple YubiKeys

  5. Select Automatically program YubiKeys when inserted

  6. For the Parameter Generation Scheme select Identity from serial; Randomize Secrets

  7. Under Yubico OTP Parameters clear the Public Identity checkbox.

  1. Insert a key that you wish to overwrite

  2. Under Actions select Write Configuration

  3. Read and acknowledge the confirmation, if you are programming a lot of keys and this is your intention select Don't show this message again.

  4. Click Yes

  5. You will be prompted to save a log file, select the location.  This file will be needed by CalNet to import into Duo.

  6. A message indicating that the key has been programmed will appear under Results.

  7. To program more keys, remove the existing key, insert a new key and the results log will indicate that each is programmed.

  8. When finished open a ticket with the CalNet team to add your keys to Duo.  DO NOT attach the output from the YubiKey Personalization Tool to your ticket.  Instead, the CalNet team will instruct you on a secure way to transmit the file.