ansible.builtin.rpm_key module – Adds or removes a gpg key from the rpm db

Note

This module is part of ansible-core and included in all Ansible installations. In most cases, you can use the short module name rpm_key even without specifying the collections keyword. However, we recommend you use the Fully Qualified Collection Name (FQCN) ansible.builtin.rpm_key for easy linking to the module documentation and to avoid conflicting with other collections that may have the same module name.

Synopsis

  • Adds or removes rpm --import a gpg key to your rpm database.

Parameters

Parameter

Comments

fingerprint

list / elements=string

added in Ansible 2.9

The long-form fingerprint of the key being imported.

This will be used to verify the specified key.

key

string / required

Key that will be modified. Can be a url, a file on the managed node, or a keyid if the key already exists in the database.

state

string

If the key will be imported or removed from the rpm db.

Choices:

  • "absent"

  • "present" ← (default)

validate_certs

boolean

If false and the key is a url starting with https, SSL certificates will not be validated.

This should only be used on personally controlled sites using self-signed certificates.

Choices:

  • false

  • true ← (default)

Attributes

Attribute

Support

Description

check_mode

Support: full

Can run in check_mode and return changed status prediction without modifying target, if not supported the action will be skipped.

diff_mode

Support: none

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode

platform

Platform: rhel

Target OS/families that can be operated against

Examples

- name: Import a key from a url
  ansible.builtin.rpm_key:
    state: present
    key: http://apt.sw.be/RPM-GPG-KEY.dag.txt

- name: Import a key from a file
  ansible.builtin.rpm_key:
    state: present
    key: /path/to/key.gpg

- name: Ensure a key is not present in the db
  ansible.builtin.rpm_key:
    state: absent
    key: DEADB33F

- name: Verify the key, using a fingerprint, before import
  ansible.builtin.rpm_key:
    key: /path/to/RPM-GPG-KEY.dag.txt
    fingerprint: EBC6 E12C 62B1 C734 026B  2122 A20E 5214 6B8D 79E6

- name: Verify the key, using multiple fingerprints, before import
  ansible.builtin.rpm_key:
    key: /path/to/RPM-GPG-KEY.dag.txt
    fingerprint:
      - EBC6 E12C 62B1 C734 026B  2122 A20E 5214 6B8D 79E6
      - 19B7 913E 6284 8E3F 4D78 D6B4 ECD9 1AB2 2EB6 8D86

Authors

  • Hector Acosta (@hacosta)