diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
index 35d850fae0..d300e8bffb 100644
--- a/bin/confgen/keygen.c
+++ b/bin/confgen/keygen.c
@@ -198,5 +198,4 @@ write_key_file(const char *keyfile, const char *user, const char *keyname,
 	if (fclose(fd)) {
 		fatal("fclose(%s) failed\n", keyfile);
 	}
-	fprintf(stderr, "wrote key file \"%s\"\n", keyfile);
 }
diff --git a/bin/confgen/rndc-confgen.c b/bin/confgen/rndc-confgen.c
index 2d79599550..c309bb970a 100644
--- a/bin/confgen/rndc-confgen.c
+++ b/bin/confgen/rndc-confgen.c
@@ -76,6 +76,7 @@ Usage:\n\
   -c keyfile:	 specify an alternate key file (requires -a)\n\
   -k keyname:	 the name as it will be used  in named.conf and rndc.conf\n\
   -p port:	 the port named will listen on and rndc will connect to\n\
+  -q:		 suppress printing written key path\n\
   -s addr:	 the address to which rndc should connect\n\
   -t chrootdir:	 write a keyfile in chrootdir as well (requires -a)\n\
   -u user:	 set the keyfile owner to \"user\" (requires -a)\n",
@@ -104,6 +105,7 @@ main(int argc, char **argv) {
 	char *chrootdir = NULL;
 	char *user = NULL;
 	bool keyonly = false;
+	bool quiet = false;
 	int len;
 
 	keydef = keyfile = RNDC_KEYFILE;
@@ -164,6 +166,9 @@ main(int argc, char **argv) {
 				      isc_commandline_argument);
 			}
 			break;
+		case 'q':
+			quiet = true;
+			break;
 		case 'r':
 			fatal("The -r option has been deprecated.");
 			break;
@@ -227,6 +232,9 @@ main(int argc, char **argv) {
 	if (keyonly) {
 		write_key_file(keyfile, chrootdir == NULL ? user : NULL,
 			       keyname, &key_txtbuffer, alg);
+		if (!quiet) {
+			printf("wrote key file \"%s\"\n", keyfile);
+		}
 
 		if (chrootdir != NULL) {
 			char *buf;
@@ -236,6 +244,9 @@ main(int argc, char **argv) {
 				 (*keyfile != '/') ? "/" : "", keyfile);
 
 			write_key_file(buf, user, keyname, &key_txtbuffer, alg);
+			if (!quiet) {
+				printf("wrote key file \"%s\"\n", buf);
+			}
 			isc_mem_put(mctx, buf, len);
 		}
 	} else {
diff --git a/bin/confgen/rndc-confgen.rst b/bin/confgen/rndc-confgen.rst
index 35900d05b0..c1c53b5519 100644
--- a/bin/confgen/rndc-confgen.rst
+++ b/bin/confgen/rndc-confgen.rst
@@ -86,6 +86,9 @@ Arguments
    Specifies the command channel port where ``named`` listens for
    connections from ``rndc``. The default is 953.
 
+**-q**
+   Omits printing written path in automatic configuration mode.
+
 **-s** address
    Specifies the IP address where ``named`` listens for command channel
    connections from ``rndc``. The default is the loopback address