Authorization
Control which clients can connect to your Remi daemon by managing a list of authorized public keys.
remi authorize
Add a client's public key to the authorized keys list.
remi authorize <key-file>
The key file should contain a public key export (from remi export-key --public-only on the client side). Once authorized, that client can authenticate during the connection handshake.
Adding a Label
Use --label to give the key a human-readable name:
remi authorize client-key.json --label "My Phone"
Example Workflow
On the client device:
remi export-key --public-only > my-phone.json
# Transfer my-phone.json to the server
On the server:
remi authorize my-phone.json --label "My Phone"
Authorized key added:
Fingerprint: a1b2c3d4e5f6...
Label: My Phone
Options
| Option | Description |
|---|---|
--label NAME | Human-readable label for the key |
remi keys
List all authorized client keys.
remi keys
Output:
2 authorized key(s):
FINGERPRINT LABEL ADDED LAST USED
----------------------------------------------------------------
a1b2c3d4e5f6... My Phone 3/1/2026 3/1/2026
b8c9d0e1f2a3... Work Laptop 2/15/2026 2/28/2026
Each entry shows the fingerprint, label, date added, and last used date.
Removing Keys
Remove an authorized key by its fingerprint:
remi authorize --remove <fingerprint>
You can use a prefix of the fingerprint as long as it uniquely identifies the key:
remi authorize --remove a1b2c3d4
Authorized Keys File
Authorized keys are stored in ~/.remi/authorized_keys.json. Each entry contains the public key, fingerprint, label, and timestamps.