diff --git a/.vscode/settings.json b/.vscode/settings.json
index fcd2cd2..cc899e4 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -370,6 +370,7 @@
"xkcd",
"xlarge",
"yellowdog",
+ "ykman",
"yubikey",
"zstd"
]
diff --git a/knowledge base/ykman.md b/knowledge base/ykman.md
new file mode 100644
index 0000000..7b4b898
--- /dev/null
+++ b/knowledge base/ykman.md
@@ -0,0 +1,156 @@
+# `ykman`
+
+CLI tool for YubiKey management.
+
+1. [TL;DR](#tldr)
+1. [Further readings](#further-readings)
+ 1. [Sources](#sources)
+
+## TL;DR
+
+
+ Setup
+
+```sh
+apt-add-repository 'ppa:yubico/stable' && apt install 'yubikey-manager'
+brew install 'ykman'
+pip install --user 'yubikey-manager'
+pkg install 'py38-yubikey-manager'
+snap install 'ykman'
+
+source <(_YKMAN_COMPLETE='bash_source' ykman | sudo tee '/etc/bash_completion.d/ykman')
+
+# Uninstall when installed via pgk installer on OS X
+sudo rm -rf '/usr/local/bin/ykman' '/usr/local/ykman'
+```
+
+
+
+
+ Usage
+
+```sh
+# Print the executable's version
+ykman --version
+ykman -v
+
+# Enable debug mode
+ykman --log-level 'DEBUG' …
+ykman -l 'DEBUG' --log-file 'path/to/file.log' …
+
+# Specify the YukiKey to use
+ykman --device '01234567' …
+ykman -d '01234567' …
+
+# List connected YubiKeys
+ykman list
+ykman list --serials
+
+# Show information about YubiKeys
+ykman info
+ykman -d '01234567' info --check-fips
+
+# Set OTP and FIDO mode
+ykman config mode 'OTP+FIDO'
+
+# Set CCID only mode and use touch to eject the smart card
+ykman config mode 'CCID' --touch-eject
+
+# Disable PIV over NFC
+ykman config nfc --disable 'PIV'
+
+# Enable all applications over USB
+ykman config usb --enable-all
+
+# Generate and set a random application lock code
+ykman config set-lock-code --generate
+
+# Run Python scripts
+ykman script 'script.py'
+ykman script 'script.py' '123456' 'indata.csv'
+
+# Show OATH status
+ykman oath info
+ykman -d '01234567' oath info
+
+# List OATH accounts
+ykman oath accounts list
+
+# Add OATH accounts
+ykman oath accounts add 'account-name' 'secret' --touch
+
+# Generate OATH codes for accounts
+ykman oath accounts code 'account-regex'
+
+# Rename OATH accounts
+ykman oath accounts rename 'account-regex' 'new-account-name'
+
+# Delete OATH accounts
+ykman oath accounts delete 'account-regex'
+
+# Reset OATH data
+ykman oath info
+
+# Show FIDO status
+# FIDO --> FIDO2 and U2F
+ykman fido info
+
+# List stored FIDO credentials
+ykman fido credentials list --pin '123456'
+
+# Delete FIDO credentials
+ykman fido credentials delete 'credential-id'
+
+# List registered fingerprints
+ykman fido fingerprints list
+ykman fido fingerprints list --pin '123456'
+
+# Register fingerprints
+ykman fido fingerprints add 'fingerprint-name' --pin '123456'
+
+# Delete stored fingerprints
+ykman fido fingerprints delete 'fingerprint-id'
+
+# Reset FIDO data
+ykman fido reset
+ykman fido reset --force
+
+# Change FIDO PIN
+ykman fido access change-pin --pin '123456' --new-pin '654321'
+```
+
+
+
+
+
+## Further readings
+
+- [Codebase]
+- [Documentation]
+
+### Sources
+
+- [Configuring YubiKey for Challenge-Response with YubiKey Manager (ykman)]
+
+
+
+
+
+
+
+[codebase]: https://github.com/Yubico/yubikey-manager
+[documentation]: https://docs.yubico.com/software/yubikey/tools/ykman/Using_the_ykman_CLI.html
+
+
+[configuring yubikey for challenge-response with yubikey manager (ykman)]: https://bytefreaks.net/gnulinux/bash/configuring-yubikey-for-challenge-response-with-yubikey-manager-ykman
diff --git a/snippets/yubikey.fish b/snippets/yubikey.fish
index 0fa766a..9a49c04 100644
--- a/snippets/yubikey.fish
+++ b/snippets/yubikey.fish
@@ -1,7 +1,23 @@
#!/usr/bin/env fish
+brew install --cask 'yubico-yubikey-manager'
+
+
+###
+# ykman CLI
+# ------------------
+###
+
+brew install 'ykman'
+
+ykman list
+ykman -d '00000000' info
+
+ykman oath accounts list
+
+
###
# just dump, still needs tests
###
-ssh-keygen -t 'ed25519-sk' -O 'resident' -O 'verify-required' -C "Yubikey 5C NFC"
+ssh-keygen -t 'ed25519-sk' -O 'resident' -O 'verify-required' -C 'Yubikey 5C NFC'