ansible.builtin.rpm_key – Adds or removes a gpg key from the rpm db

Note

This module is part of ansible-base and included in all Ansible installations. In most cases, you can use the short module name rpm_key even without specifying the collections: keyword. Despite that, we recommend you use the FQCN for easy linking to the module documentation and to avoid conflicting with other collections that may have the same module name.

New in version 1.3: of ansible.builtin

Synopsis

  • Adds or removes (rpm –import) a gpg key to your rpm database.

Parameters

Parameter Choices/Defaults Comments
fingerprint
string
added in 2.9 of ansible.builtin
The long-form fingerprint of the key being imported.
This will be used to verify the specified key.
key
string / required
Key that will be modified. Can be a url, a file on the managed node, or a keyid if the key already exists in the database.
state
string
    Choices:
  • absent
  • present ←
If the key will be imported or removed from the rpm db.
validate_certs
boolean
    Choices:
  • no
  • yes ←
If no and the key is a url starting with https, SSL certificates will not be validated.
This should only be used on personally controlled sites using self-signed certificates.

Notes

Note

  • Supports check_mode.

Examples

- name: Import a key from a url
  ansible.builtin.rpm_key:
    state: present
    key: http://apt.sw.be/RPM-GPG-KEY.dag.txt

- name: Import a key from a file
  ansible.builtin.rpm_key:
    state: present
    key: /path/to/key.gpg

- name: Ensure a key is not present in the db
  ansible.builtin.rpm_key:
    state: absent
    key: DEADB33F

- name: Verify the key, using a fingerprint, before import
  ansible.builtin.rpm_key:
    key: /path/to/RPM-GPG-KEY.dag.txt
    fingerprint: EBC6 E12C 62B1 C734 026B  2122 A20E 5214 6B8D 79E6

Authors