java_keystore – Create or delete a Java keystore in JKS format

New in version 2.7.

Synopsis

• Create or delete a Java keystore in JKS format for a given certificate.

Requirements

The below requirements are needed on the host that executes this module.

• openssl
• keytool

Parameters

Parameter	Choices/Defaults	Comments
certificate - / required		Certificate that should be used to create the key store.
dest - / required		Absolute path where the jks should be generated.
force boolean	Choices: no ← yes	Key store will be created even if it already exists.
group -		Name of the group that should own jks file.
mode -		Mode the file should be.
name - / required		Name of the certificate.
owner -		Name of the user that should own jks file.
password - / required		Password that should be used to secure the key store.
private_key - / required		Private key that should be used to create the key store.

Examples

# Create a key store for the given certificate (inline)
- java_keystore:
    name: example
    certificate: |
      -----BEGIN CERTIFICATE-----
      h19dUZ2co2fI/ibYiwxWk4aeNE6KWvCaTQOMQ8t6Uo2XKhpL/xnjoAgh1uCQN/69
      MG+34+RhUWzCfdZH7T8/qDxJw2kEPKluaYh7KnMsba+5jHjmtzix5QIDAQABo4IB
      -----END CERTIFICATE-----
    private_key: |
      -----BEGIN RSA PRIVATE KEY-----
      DBVFTEVDVFJJQ0lURSBERSBGUkFOQ0UxFzAVBgNVBAsMDjAwMDIgNTUyMDgxMzE3
      GLlDNMw/uHyME7gHFsqJA7O11VY6O5WQ4IDP3m/s5ZV6s+Nn6Lerz17VZ99
      -----END RSA PRIVATE KEY-----
    password: changeit
    dest: /etc/security/keystore.jks

# Create a key store for the given certificate (lookup)
- java_keystore:
    name: example
    certificate: "{{lookup('file', '/path/to/certificate.crt') }}"
    private_key: "{{lookup('file', '/path/to/private.key') }}"
    password: changeit
    dest: /etc/security/keystore.jks

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
cmd string	changed and failure	Executed command to get action done Sample: openssl x509 -noout -in /tmp/cert.crt -fingerprint -sha256
msg string	changed and failure	Output from stdout of keytool/openssl command after execution of given command or an error. Sample: Unable to find the current certificate fingerprint in ...
rc integer	changed and failure	keytool/openssl command execution return value Sample: 0

Status

• This module is not guaranteed to have a backwards compatible interface. [preview]
• This module is maintained by the Ansible Community. [community]

Authors

• Guillaume Grossetie (@Mogztter)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.