Skip to content
Go to file
Cannot retrieve contributors at this time
278 lines (159 sloc) 7.13 KB
turnadmin is a TURN administration tool. This tool can be used to manage
the user accounts (add/remove users, generate
TURN keys for the users). For security reasons, we do not recommend
storing passwords openly. The better option is to use pre-processed "keys"
which are then used for authentication. These keys are generated by turnadmin.
Turnadmin is a link to turnserver binary, but turnadmin performs different
Options note: turnadmin has long and short option names, for most options.
Some options have only long form, some options have only short form. Their syntax
somewhat different, if an argument is required:
The short form must be used as this (for example):
$ turnadmin -u <username> ...
The long form equivalent must use the "=" character:
$ turnadmin --user=<username> ...
If this is a flag option (no argument required) then their usage are the same, for example:
$ turnadmin -k ...
is equivalent to:
$ turnadmin --key ...
You have always the use the -r <realm> option with commands for long term credentials -
because data for multiple realms can be stored in the same database.
turnadmin - a TURN relay administration tool.
$ turnadmin [command] [options]
$ turnadmin [ -h | --help]
-P, --generate-encrypted-password Generate and print to the standard
output an encrypted form of a password (for web admin user or CLI).
The value then can be used as a safe key for the password
storage on disk or in the database. Every invocation for the same password
produces a different result. The format of the encrypted password is:
$5$<...salt...>$<...sha256(salt+password)...>. Salt is 16 characters,
the sha256 output is 64 characters. Character 5 is the algorithm id (sha256).
Only sha256 is supported as the hash function.
-k, --key Generate key for a long-term credentials mechanism user.
-a, --add Add or update a long-term user.
-A, --add-admin Add or update an admin user.
-d, --delete Delete a long-term user.
-D, --delete-admin Delete an admin user.
-l, --list List long-term users in the database.
-L, --list-admin List admin users in the database.
-s, --set-secret=<value> Add shared secret for TURN REST API
-S, --show-secret Show stored shared secrets for TURN REST API
-X, --delete-secret=<value> Delete a shared secret.
--delete-all_secrets Delete all shared secrets for REST API.
-O, --add-origin Add origin-to-realm relation.
-R, --del-origin Delete origin-to-realm relation.
-I, --list-origins List origin-to-realm relations.
-g, --set-realm-option Set realm params: max-bps, total-quota, user-quota.
-G, --list-realm-options List realm params.
-E, --generate-encrypted-password-aes Generate and print to the standard output
an encrypted form of password with AES-128
Options with required values:
-b, --db, --userdb SQLite user database file name (default - /var/db/turndb or
/usr/local/var/db/turndb or /var/lib/turn/turndb).
See the same option in the turnserver section.
-e, --psql-userdb PostgreSQL user database connection string.
See the --psql-userdb option in the turnserver section.
-M, --mysql-userdb MySQL user database connection string.
See the --mysql-userdb option in the turnserver section.
-J, --mongo-userdb MongoDB user database connection string.
See the --mysql-mongo option in the turnserver section.
-N, --redis-userdb Redis user database connection string.
See the --redis-userdb option in the turnserver section.
-u, --user User name.
-r, --realm Realm.
-p, --password Password.
-x, --key-path Generates a 128 bit key into the given path.
-f, --file-key-path Contains a 128 bit key in the given path.
-v, --verify Verify a given base64 encrypted type password.
-o, --origin Origin
--max-bps Set value of realm's max-bps parameter.
--total-quota Set value of realm's total-quota parameter.
--user-quota Set value of realm's user-quota parameter.
-h, --help Help.
Command examples:
Generate an encrypted form of a password:
$ turnadmin -P -p <password>
Generate a key:
$ turnadmin -k -u <username> -r <realm> -p <password>
Add/update a user in the in the database:
$ turnadmin -a [-b <userdb-file> | -e <db-connection-string> | -M <db-connection-string> | -N <db-connection-string> ] -u <username> -r <realm> -p <password>
Delete a user from the database:
$ turnadmin -d [-b <userdb-file> | -e <db-connection-string> | -M <db-connection-string> | -N <db-connection-string> ] -u <username> -r <realm>
List all long-term users in MySQL database:
$ turnadmin -l --mysql-userdb="<db-connection-string>" -r <realm>
List all admin users in Redis database:
$ turnadmin -L --redis-userdb="<db-connection-string>"
Set secret in MySQL database:
$ turnadmin -s <secret> --mysql-userdb="<db-connection-string>" -r <realm>
Show secret stored in PostgreSQL database:
$ turnadmin -S --psql-userdb="<db-connection-string>" -r <realm>
Set origin-to-realm relation in MySQL database:
$ turnadmin --mysql-userdb="<db-connection-string>" -r <realm> -o <origin>
Delete origin-to-realm relation from Redis DB:
$ turnadmin --redis-userdb="<db-connection-string>" -o <origin>
List all origin-to-realm relations in Redis DB:
$ turnadmin --redis-userdb="<db-connection-string>" -I
List the origin-to-realm relations in PostgreSQL DB for a single realm:
$ turnadmin --psql-userdb="<db-connection-string>" -I -r <realm>
Create new key file for mysql password encryption:
$ turnadmin -E --key-path <key-file>
Create encrypted mysql password:
$ turnadmin -E --file-key-path <key-file> -p <secret>
Verify/decrypt encrypted password:
$ turnadmin --file-key-path <key-file> -v <encrypted>
$ turnadmin -h
After installation, run the command:
$ man turnadmin
or in the project root directory:
$ man -M man turnadmin
to see the man page.
turnserver, turnutils
project page:
Wiki page:
Oleg Moskalenko <>
Gabor Kovesdan
Daniel Pocock
John Selbie (
Lee Sylvester <>
Erik Johnston <>
Roman Lisagor <>
Vladimir Tsanev <>
Po-sheng Lin <>
Peter Dunkley <>
Mutsutoshi Yoshimoto <>
Federico Pinna <>
Bradley T. Hughes <>
Mihály Mészáros <>
Mihály Mészáros <>