community.crypto.openssl_privatekey_info – Provide information for OpenSSL private keys¶
Note
This plugin is part of the community.crypto collection (version 1.6.1).
To install it use: ansible-galaxy collection install community.crypto.
To use it in a playbook, specify: community.crypto.openssl_privatekey_info.
Synopsis¶
This module allows one to query information on OpenSSL private keys.
In case the key consistency checks fail, the module will fail as this indicates a faked private key. In this case, all return variables are still returned. Note that key consistency checks are not available all key types; if none is available,
noneis returned forkey_is_consistent.It uses the pyOpenSSL or cryptography python library to interact with OpenSSL. If both the cryptography and PyOpenSSL libraries are available (and meet the minimum version requirements) cryptography will be preferred as a backend over PyOpenSSL (unless the backend is forced with
select_crypto_backend). Please note that the PyOpenSSL backend was deprecated in Ansible 2.9 and will be removed in community.crypto 2.0.0.
Requirements¶
The below requirements are needed on the host that executes this module.
PyOpenSSL >= 0.15 or cryptography >= 1.2.3
Parameters¶
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
content
string
added in 1.0.0 of community.crypto
|
Content of the private key file.
Either path or content must be specified, but not both.
|
|
|
passphrase
string
|
The passphrase for the private key.
|
|
|
path
path
|
Remote absolute path where the private key file is loaded from.
|
|
|
return_private_key_data
boolean
|
|
Whether to return private key data.
Only set this to
yes when you want private information about this key to leave the remote machine.WARNING: you have to make sure that private key data isn't accidentally logged!
|
|
select_crypto_backend
string
|
|
Determines which crypto backend to use.
The default choice is
auto, which tries to use cryptography if available, and falls back to pyopenssl.If set to
pyopenssl, will try to use the pyOpenSSL library.If set to
cryptography, will try to use the cryptography library.Please note that the
pyopenssl backend has been deprecated in Ansible 2.9, and will be removed in community.crypto 2.0.0. From that point on, only the cryptography backend will be available. |
See Also¶
See also
- community.crypto.openssl_privatekey
The official documentation on the community.crypto.openssl_privatekey module.
- community.crypto.openssl_privatekey_pipe
The official documentation on the community.crypto.openssl_privatekey_pipe module.
Examples¶
- name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
community.crypto.openssl_privatekey:
path: /etc/ssl/private/ansible.com.pem
- name: Get information on generated key
community.crypto.openssl_privatekey_info:
path: /etc/ssl/private/ansible.com.pem
register: result
- name: Dump information
ansible.builtin.debug:
var: result
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Authors¶
Felix Fontein (@felixfontein)
Yanis Guenane (@Spredzy)