Set up a Client to Master Validation Fingerprint

In highly secure network configurations you may wish to ensure your Salt clients are connecting to a specific master. To set up validation from client to master, start by entering the master’s fingerprint in a Salt minion configuration file:

  • /etc/salt/minion.d/custom.conf if your client uses the classic Salt minion, or

  • /etc/venv-salt-minion/minion.d/custom.conf if your client uses Salt Bundle

and follow the procedure:

To access a shell inside the Server container, run mgrctl term on the container host.

Procedure: Adding Master’s Fingerprint to Client
  1. On the master, at the command prompt, as root, use this command to find the master.pub fingerprint:

    salt-key -F master

  2. On your client, open the /etc/salt/minion.d/custom.conf or /etc/venv-salt-minion/minion.d/custom.conf configuration file. Add this line to enter the master’s fingerprint, replacing the example fingerprint:

    master_finger: 'ba:30:65:2a:d6:9e:20:4f:d8:b2:f3:a7:d4:65:11:13'
  3. Restart the service. For salt-minion, run:

    systemctl restart salt-minion

    Or, for venv-salt-minion, run:

    systemctl restart venv-salt-minion
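
The following Python check is an added example, not part of the original documentation or of Salt: it confirms that the master_finger value in a minion configuration file matches a copy of the master's public key. It assumes the fingerprint is the digest of the PEM body lines (header and footer dropped) written as colon-separated hex, picks the digest from the fingerprint length, and uses a constructed sample key; all function names are hypothetical.

```python
import hashlib
import hmac
import re

# Constructed sample key (not a real master.pub); the body is arbitrary text.
SAMPLE_PEM = """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAconstructedSampleKey
Line2OfTheConstructedSampleKeyBodyUsedOnlyForThisExample01234567
-----END PUBLIC KEY-----
"""

# Hex length of a fingerprint (colons removed) -> digest that produced it.
DIGEST_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def pem_fingerprint(pem_text, algo="sha256"):
    """Colon-separated digest of the PEM body lines (header/footer dropped).

    Assumption: this mirrors how Salt derives key fingerprints; confirm it
    against the output of `salt-key -F master` before relying on it.
    """
    lines = [l for l in pem_text.encode().splitlines(keepends=True) if l.strip()]
    digest = hashlib.new(algo, b"".join(lines[1:-1])).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def configured_finger(config_text):
    """Return the active master_finger value from config text, or None."""
    m = re.search(r"^\s*master_finger:\s*['\"]?([0-9A-Fa-f:]+)['\"]?\s*$",
                  config_text, re.MULTILINE)
    return m.group(1).lower() if m else None


def verify_pin(config_text, pem_text):
    """Classify the pin: 'unpinned', 'bad-format', 'mismatch' or 'match'."""
    pinned = configured_finger(config_text)
    if pinned is None:  # missing, empty or commented out: nothing is validated
        return "unpinned"
    algo = DIGEST_BY_HEX_LEN.get(len(pinned.replace(":", "")))
    if algo is None:
        return "bad-format"
    actual = pem_fingerprint(pem_text, algo)
    return "match" if hmac.compare_digest(pinned, actual) else "mismatch"


if __name__ == "__main__":
    good = "master_finger: '%s'\n" % pem_fingerprint(SAMPLE_PEM)
    print(verify_pin(good, SAMPLE_PEM))              # pin agrees with the key
    print(verify_pin("master: salt\n", SAMPLE_PEM))  # no pin configured
```

Because the digest is chosen by length, a 16-byte value such as the example fingerprint in step 2 is compared as MD5, while a 32-byte value is compared as SHA-256.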

For more information about Salt Bundle, see Salt Bundle.

For information on configuring security from a client, see https://docs.saltstack.com/en/latest/ref/configuration/minion.html.