diff --git a/pkgs/default.nix b/pkgs/default.nix
index ceaf09b..35fe929 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -2,4 +2,5 @@
 { pkgs, ... }: {
   qrclip = pkgs.callPackage ./qrclip { };
   zbar = pkgs.callPackage ./zbar { };
+  yubikey-manager = pkgs.callPackage ./yubikey-manager { };
 }
diff --git a/pkgs/yubikey-manager/default.nix b/pkgs/yubikey-manager/default.nix
new file mode 100644
index 0000000..5cde0ae
--- /dev/null
+++ b/pkgs/yubikey-manager/default.nix
@@ -0,0 +1,68 @@
+{ python3Packages, fetchFromGitHub, lib, yubikey-personalization, libu2f-host, libusb1, procps }:
+
+python3Packages.buildPythonPackage rec {
+  pname = "yubikey-manager";
+  version = "4.0.8";
+  format = "pyproject";
+
+  src = fetchFromGitHub {
+    repo = "yubikey-manager";
+    rev = version;
+    owner = "Yubico";
+    sha256 = "sha256-OszXOu/NhoX4WutsT4Z1LsY54KTOWRKt13yDo2fzDbA=";
+  };
+
+  patches  = [ ./lol.patch ];
+  doCheck = false;
+
+  postPatch = ''
+    substituteInPlace pyproject.toml \
+      --replace 'cryptography = "^2.1 || ^3.0"' 'cryptography = "*"'
+    substituteInPlace "ykman/pcsc/__init__.py" \
+      --replace 'pkill' '${procps}/bin/pkill'
+  '';
+
+  nativeBuildInputs = with python3Packages; [ poetry-core ];
+
+  propagatedBuildInputs =
+    with python3Packages; [
+      click
+      cryptography
+      pyscard
+      pyusb
+      six
+      fido2
+    ] ++ [
+      libu2f-host
+      libusb1
+      yubikey-personalization
+    ];
+
+  makeWrapperArgs = [
+    "--prefix" "LD_LIBRARY_PATH" ":"
+    (lib.makeLibraryPath [ libu2f-host libusb1 yubikey-personalization ])
+  ];
+
+  postInstall = ''
+    mkdir -p "$out/man/man1"
+    cp man/ykman.1 "$out/man/man1"
+
+    mkdir -p $out/share/bash-completion/completions
+    _YKMAN_COMPLETE=source $out/bin/ykman > $out/share/bash-completion/completions/ykman || :
+    mkdir -p $out/share/zsh/site-functions/
+    _YKMAN_COMPLETE=source_zsh "$out/bin/ykman" > "$out/share/zsh/site-functions/_ykman" || :
+    substituteInPlace "$out/share/zsh/site-functions/_ykman" \
+      --replace 'compdef _ykman_completion ykman;' '_ykman_completion "$@"'
+  '';
+
+  checkInputs = with python3Packages; [ pytestCheckHook makefun ];
+
+  meta = with lib; {
+    homepage = "https://developers.yubico.com/yubikey-manager";
+    description = "Command line tool for configuring any YubiKey over all USB transports";
+
+    license = licenses.bsd2;
+    platforms = platforms.unix;
+    maintainers = with maintainers; [ benley lassulus pinpox ];
+  };
+}
diff --git a/pkgs/yubikey-manager/lol.patch b/pkgs/yubikey-manager/lol.patch
new file mode 100644
index 0000000..c14be96
--- /dev/null
+++ b/pkgs/yubikey-manager/lol.patch
@@ -0,0 +1,12 @@
+diff --git a/pyproject.toml b/pyproject.toml
+index 7544201..9caa5c6 100644
+--- a/pyproject.toml
++++ b/pyproject.toml
+@@ -30,7 +30,6 @@ packages = [
+ python = "^3.6"
+ dataclasses = {version = "^0.8", python = "<3.7"}
+ cryptography = ">=2.1, <39"
+-pyOpenSSL = {version = ">=0.15.1", optional = true}
+ pyscard = "^1.9 || ^2.0"
+ fido2 = ">=0.9, <1.0"
+ click = "^6.0 || ^7.0 || ^8.0"