# VRF Keys > If you are not an **Orakl Network VRF Node Operator**, you do not need to read the explanation on this page. The **Orakl Network VRF Worker** needs an access to a private VRF keys (`sk`) to produce a provably random number given the consumer seed (received from on-chain). The **Orakl Network VRF Listener** requires a key hash (`keyHash`) that uniquely represents VRF keys. Typically, an **Orakl Network VRF Node Operator** does not need more than a single set of VRF keys (`pk`, `sk`, `pkX`, `pkY` and `keyHash`). The **Orakl Network CLI** provides commands to * [List VRF Keys](#list-vrf-keys) * [Generate VRF Keys](#generate-vrf-keys) * [Insert VRF Keys](#insert-vrf-keys) * [Remove VRF Keys Specified By `id`](#remove-vrf-keys-specified-by-id) ### List VRF Keys All VRF keys registered in the Orakl Network state can be listed with a `vrf list` command. ```sh orakl-cli vrf list ``` To display VRF keys that are associated with a specific chain, you can apply an additional `--chain` parameter. ```sh orakl-cli vrf list \ --chain ${chain} ``` ### Generate VRF Keys VRF keys can be generated with `vrf keygen` command. ```sh orakl-cli vrf keygen ``` The `vrf keygen` command produces an output similar to the one below. VRF key generation is random, therefore the output will change with every new run. `sk` represents a private key that should never be shared with anybody who you do not trust. ``` sk=ebeb5229570725793797e30a426d7ef8aca79d38ff330d7d1f28485d2366de32 pk=045b8175cfb6e7d479682a50b19241671906f706bd71e30d7e80fd5ff522c41bf0588735865a5faa121c3801b0b0581440bdde24b03dc4c4541df9555d15223e82 pkX=41389205596727393921445837404963099032198113370266717620546075917307049417712 pkY=40042424443779217635966540867474786311411229770852010943594459290130507251330 keyHash=0x6f32373625e3d1f8f303196cbb78020ac2503acd1129e44b36b425781a9664ac ``` The `vrf keygen` command only generates VRF keys. If you want to use them in the **Orakl Network VRF**, you need to insert them to the Orakl Network state through `vrf insert` command. ### Insert VRF Keys New VRF keys can be inserted using `vrf insert` command. The command below demonstrates how to insert VRF keys generated by the `vrf keygen` command above and associate with `baobab` chain. ```sh orakl-cli vrf insert \ --sk ebeb5229570725793797e30a426d7ef8aca79d38ff330d7d1f28485d2366de32 \ --pk 045b8175cfb6e7d479682a50b19241671906f706bd71e30d7e80fd5ff522c41bf0588735865a5faa121c3801b0b0581440bdde24b03dc4c4541df9555d15223e82 \ --pkX 41389205596727393921445837404963099032198113370266717620546075917307049417712 \ --pkY 40042424443779217635966540867474786311411229770852010943594459290130507251330 \ --keyHash 0x6f32373625e3d1f8f303196cbb78020ac2503acd1129e44b36b425781a9664ac \ --chain baobab ``` ### Remove VRF Keys Specified By `id` VRF keys can be removed based on their `id`, using the `--id` parameter applied to `vrf remove` command. ```sh orakl-cli vrf remove \ --id ${id} ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.orakl.network/node-operators-guide/cli/vrf-keys.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.