java_keystore – Create or delete a Java keystore in JKS format

New in version 2.7.

Synopsis

  • Create or delete a Java keystore in JKS format for a given certificate.

Requirements

The below requirements are needed on the host that executes this module.

  • openssl

  • keytool

Parameters

Parameter Choices/Defaults Comments
certificate
- / required
Certificate that should be used to create the key store.
dest
- / required
Absolute path where the jks should be generated.
force
boolean
    Choices:
  • no ←
  • yes
Key store will be created even if it already exists.
group
-
Name of the group that should own jks file.
mode
-
Mode the file should be.
name
- / required
Name of the certificate.
owner
-
Name of the user that should own jks file.
password
- / required
Password that should be used to secure the key store.
private_key
- / required
Private key that should be used to create the key store.

Examples

# Create a key store for the given certificate (inline)
- java_keystore:
    name: example
    certificate: |
      -----BEGIN CERTIFICATE-----
      h19dUZ2co2fI/ibYiwxWk4aeNE6KWvCaTQOMQ8t6Uo2XKhpL/xnjoAgh1uCQN/69
      MG+34+RhUWzCfdZH7T8/qDxJw2kEPKluaYh7KnMsba+5jHjmtzix5QIDAQABo4IB
      -----END CERTIFICATE-----
    private_key: |
      -----BEGIN RSA PRIVATE KEY-----
      DBVFTEVDVFJJQ0lURSBERSBGUkFOQ0UxFzAVBgNVBAsMDjAwMDIgNTUyMDgxMzE3
      GLlDNMw/uHyME7gHFsqJA7O11VY6O5WQ4IDP3m/s5ZV6s+Nn6Lerz17VZ99
      -----END RSA PRIVATE KEY-----
    password: changeit
    dest: /etc/security/keystore.jks

# Create a key store for the given certificate (lookup)
- java_keystore:
    name: example
    certificate: "{{lookup('file', '/path/to/certificate.crt') }}"
    private_key: "{{lookup('file', '/path/to/private.key') }}"
    password: changeit
    dest: /etc/security/keystore.jks

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
cmd
string
 changed and failure
Executed command to get action done

Sample:
openssl x509 -noout -in /tmp/cert.crt -fingerprint -sha1
msg
string
 changed and failure
Output from stdout of keytool/openssl command after execution of given command or an error.

Sample:
Unable to find the current certificate fingerprint in ...
rc
integer
 changed and failure
keytool/openssl command execution return value

Sample:
0


Status

Authors

  • Guillaume Grossetie (@Mogztter)

Hint

If you notice any issues in this documentation you can edit this document to improve it.