Documentation

openssl_privatekey - Generate OpenSSL private keys.

New in version 2.3.

Synopsis

  • This module allows one to (re)generate OpenSSL private keys. It uses the pyOpenSSL Python library to interact with OpenSSL. One can generate either RSA or DSA private keys. Keys are generated in PEM format.

Options

| parameter | required | default | choices | comments |
|-----------|----------|---------|---------|----------|
| force | no | | True, False | Should the key be regenerated even if it already exists |
| path | yes | | | Name of the file in which the generated TLS/SSL private key will be written. It will have 0600 mode. |
| size | no | 4096 | | Size (in bits) of the TLS/SSL key to generate |
| state | no | present | present, absent | Whether the private key should exist or not, taking action if the state is different from what is stated. |
| type | no | RSA | RSA, DSA | The algorithm used to generate the TLS/SSL private key |

Examples

# Generate an OpenSSL private key with the default values (4096 bits, RSA)
# and no public key
- openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem

# Generate an OpenSSL private key with a different size (2048 bits)
- openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem
    size: 2048

# Force regenerate an OpenSSL private key if it already exists
- openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem
    force: True

# Generate an OpenSSL private key with a different algorithm (DSA)
- openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem
    type: DSA

Return Values

Common return values are documented in Return Values; the following fields are unique to this module:

| name | description | returned | type | sample |
|------|-------------|----------|------|--------|
| size | Size (in bits) of the TLS/SSL private key | changed or success | int | 4096 |
| type | Algorithm used to generate the TLS/SSL private key | changed or success | string | RSA |
| filename | Path to the generated TLS/SSL private key file | changed or success | string | /etc/ssl/private/ansible.com.pem |
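
The following playbook is an added example, not part of the module's own documentation. It generates a key with the defaults, checks the documented 0600 mode and the return values listed above, and confirms that a second run without force leaves the existing key in place. The target host, the use of become and the key path are assumptions made for illustration.

```yaml
# Added example; key_path is a constructed value, not one from the module docs.
- hosts: localhost
  become: true
  vars:
    key_path: /etc/ssl/private/example.test.pem
  tasks:
    - name: Generate the private key with the module defaults
      openssl_privatekey:
        path: "{{ key_path }}"
      register: key

    - name: Read the permissions of the key file
      stat:
        path: "{{ key_path }}"
      register: key_stat

    # Fails the play if the file is readable by anyone but its owner
    # or if the module reports something other than the documented defaults.
    - name: Check the documented file mode and return values
      assert:
        that:
          - key_stat.stat.exists
          - key_stat.stat.mode == '0600'
          - key.size == 4096
          - key.type == 'RSA'
          - key.filename == key_path

    - name: Run the module again without force
      openssl_privatekey:
        path: "{{ key_path }}"
      register: second_run

    # Without force, an existing key must not be replaced; a silent
    # regeneration would invalidate any certificate issued for it.
    - name: Confirm the existing key was not regenerated
      assert:
        that:
          - not second_run.changed
```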


Status

This module is flagged as preview, which means that it is not guaranteed to have a backwards compatible interface.

Support

This module is community maintained without core committer oversight.

For more information on what this means, please read Module Support.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.