Security Config Values
- Public Key (acceptable values: bytes). The device's public key is shared with other nodes in the mesh, enabling them to calculate a shared secret key for secure communication.
- Private Key (acceptable values: bytes). The device's private key is used to establish a shared key with a remote device for secure communication. This key must remain confidential.
- Admin Key (acceptable values: repeated bytes). The public key(s) authorized to send administrative messages to this node. Only messages that are signed by these keys will be recognized for administrative control.
- Managed Mode (acceptable values: true or false). Activating Managed Mode prevents client applications from modifying configurations on a radio (though they can still read them). Once this mode is enabled, radio configurations can only be altered through PKC Remote Admin messages with firmware version 2.5 and above, or via the legacy Admin channel for firmware versions prior to 2.5. This setting is not necessary for the administration of remote nodes. Before enabling Managed Mode, ensure that the node can be controlled through the Remote Admin or legacy Admin channel, and that all functions are operating correctly, to avoid being locked out.
- Serial Console (acceptable values: true or false). Turning this off will stop the Serial Console from initializing the Stream API.
- Debug Log (acceptable values: true or false). By default, logging is turned off when an API client connects, to maintain a quiet shared serial link. Change this to true to enable the output of live debug logs over serial or Bluetooth while the API is active.
- Admin Channel Enabled (acceptable values: true or false). Enabling this option permits incoming device control messages to be received via the older, insecure legacy admin channel.
Device Config Client Availability
Android
All security configuration options are accessible for Android.
Open the Meshtastic App and go to: Vertical Ellipsis (three dots in the top right) > Radio Configuration > Security.
Apple
All security configuration options can be found on iOS, iPadOS, and macOS under Settings > Radio Configuration > Security.
CLI
All security configuration options are accessible in the Python CLI. The settings and their defaults are listed below, followed by example commands:
| Setting | Acceptable Values | Default |
| --- | --- | --- |
| security.public_key | bytes | None |
| security.private_key | bytes | None |
| security.admin_key | repeated bytes | None |
| security.is_managed | true, false | false |
| security.serial_enabled | true, false | true |
| security.debug_log_api_enabled | true, false | false |
| security.admin_channel_enabled | true, false | false |
-
Disable serial console
| meshtastic --set security.serial_enabled false |
-
Enable debug logging
| meshtastic --set security.debug_log_api_enabled true |
NOTE: Since the device may reboot after each command is sent through the CLI, it is advisable to chain commands together as one when setting multiple values in a configuration section. For example:
| meshtastic --set security.is_managed false --set security.debug_log_api_enabled true |
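The Managed Mode pre-check and the command chaining described above, as an added example that is not part of the Meshtastic project or its CLI. The function names and the node state are constructed for illustration, and the check assumes that either an admin key or the legacy admin channel counts as a working admin path (it does not know the firmware version).

```python
# Added example; setting names and defaults are the ones in the table above.
DEFAULTS = {
    "security.admin_key": [],  # repeated bytes; empty list = no key set
    "security.is_managed": False,
    "security.serial_enabled": True,
    "security.debug_log_api_enabled": False,
    "security.admin_channel_enabled": False,
}

def audit(current, changes):
    """Return (findings, resulting_state) for applying `changes` to `current`."""
    unknown = sorted(set(changes) - set(DEFAULTS))
    if unknown:
        raise ValueError(f"unknown setting(s): {unknown}")
    state = {**DEFAULTS, **current, **changes}
    findings = []
    has_admin_key = bool(state["security.admin_key"])
    legacy = state["security.admin_channel_enabled"]
    if state["security.is_managed"] and not has_admin_key and not legacy:
        findings.append("LOCKOUT: managed mode with no admin key and no legacy admin channel")
    elif state["security.is_managed"] and not has_admin_key:
        findings.append("WARN: managed node is administrable only over the legacy admin channel")
    if legacy:
        findings.append("WARN: insecure legacy admin channel accepts control messages")
    if state["security.debug_log_api_enabled"]:
        findings.append("INFO: live debug logs go out over serial/Bluetooth while the API is active")
    return findings, state

def chained_command(changes):
    """Build one CLI call so the node does not reboot between settings."""
    parts = ["meshtastic"]
    for name, value in changes.items():
        if not isinstance(value, bool):
            raise TypeError(f"{name}: this sketch only emits true/false settings")
        parts += ["--set", name, "true" if value else "false"]
    return " ".join(parts)

def plan(current, changes):
    """Refuse to emit a command whose result would lock the operator out."""
    findings, _ = audit(current, changes)
    if any(f.startswith("LOCKOUT") for f in findings):
        return findings, None
    return findings, chained_command(changes)

if __name__ == "__main__":
    node = {"security.admin_key": []}  # constructed state: no admin key configured
    print(plan(node, {"security.is_managed": True}))
    print(plan(node, {"security.is_managed": True, "security.admin_channel_enabled": True}))
```

A clean result only means the settings are consistent; confirming that remote administration actually works before enabling Managed Mode still has to be done against the node.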
Web
All security configuration options are accessible in the Web client; however, currently, only one Remote Admin public key can be set.
Security Keys: How to Backup and Restore
Backup
Public and private keys will be lost and regenerated if you perform a firmware erase and reinstall. It is essential to back up your keys to ensure encrypted direct messaging with existing nodes on your mesh.
Suggested backup methods:
- Using the Meshtastic CLI, execute the command below. It saves your complete configuration, including both public and private keys, to a file, so protect that file as you would the private key itself.
| meshtastic --export-config > config_backup.yaml |
- Copy the keys to a secure location, such as a password-protected note.
- Take a screenshot. This is the simplest method, but ensure that you have saved the entire content of both keys.
Restore
To restore your keys, you can:
- Use the Meshtastic CLI to execute the command below. This is the quickest method to return your entire node to its previous state!
| meshtastic --configure config_backup.yaml |
- Manually paste or re-enter the keys into the client app from your saved location.
