community.crypto.openssl_signature module – Sign data with openssl
Note
This module is part of the community.crypto collection (version 2.22.3).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.crypto
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: community.crypto.openssl_signature
.
New in community.crypto 1.1.0
Synopsis
This module allows one to sign data using a private key.
The module uses the cryptography Python library.
Requirements
The below requirements are needed on the host that executes this module.
cryptography >= 1.4 (some key types require newer versions)
Parameters
Parameter |
Comments |
---|---|
The file to sign. This file will only be read and not modified. |
|
The content of the private key to use when signing the certificate signing request. Either |
|
The passphrase for the private key. This is required if the private key is password protected. |
|
The path to the private key to use when signing. Either |
|
Determines which crypto backend to use. The default choice is If set to Choices:
|
Attributes
Attribute |
Support |
Description |
---|---|---|
Support: full This action does not modify state. |
Can run in |
|
Support: none |
Will return details on what has changed (or possibly needs changing in |
Notes
Note
When using the
cryptography
backend, the following key types require at least the followingcryptography
version: RSA keys:cryptography
>= 1.4 DSA and ECDSA keys:cryptography
>= 1.5 ed448 and ed25519 keys:cryptography
>= 2.6
See Also
See also
- community.crypto.openssl_signature_info
Verify signatures with openssl.
- community.crypto.openssl_privatekey
Generate OpenSSL private keys.
Examples
- name: Sign example file
community.crypto.openssl_signature:
privatekey_path: private.key
path: /tmp/example_file
register: sig
- name: Verify signature of example file
community.crypto.openssl_signature_info:
certificate_path: cert.pem
path: /tmp/example_file
signature: "{{ sig.signature }}"
register: verify
- name: Make sure the signature is valid
ansible.builtin.assert:
that:
- verify.valid
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Base64 encoded signature. Returned: success |