community.crypto.openssl_privatekey_info – Provide information for OpenSSL private keys
Note
This plugin is part of the community.crypto collection (version 1.9.8).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.crypto
.
To use it in a playbook, specify: community.crypto.openssl_privatekey_info
.
Synopsis
This module allows one to query information on OpenSSL private keys.
In case the key consistency checks fail, the module will fail as this indicates a faked private key. In this case, all return variables are still returned. Note that key consistency checks are not available all key types; if none is available,
none
is returned forkey_is_consistent
.It uses the pyOpenSSL or cryptography python library to interact with OpenSSL. If both the cryptography and PyOpenSSL libraries are available (and meet the minimum version requirements) cryptography will be preferred as a backend over PyOpenSSL (unless the backend is forced with
select_crypto_backend
). Please note that the PyOpenSSL backend was deprecated in Ansible 2.9 and will be removed in community.crypto 2.0.0.
Requirements
The below requirements are needed on the host that executes this module.
PyOpenSSL >= 0.15 or cryptography >= 1.2.3
Parameters
Parameter |
Comments |
---|---|
Content of the private key file. Either path or content must be specified, but not both. |
|
The passphrase for the private key. |
|
Remote absolute path where the private key file is loaded from. |
|
Whether to return private key data. Only set this to WARNING: you have to make sure that private key data isn’t accidentally logged! Choices:
|
|
Determines which crypto backend to use. The default choice is If set to If set to Please note that the Choices:
|
See Also
See also
- community.crypto.openssl_privatekey
The official documentation on the community.crypto.openssl_privatekey module.
- community.crypto.openssl_privatekey_pipe
The official documentation on the community.crypto.openssl_privatekey_pipe module.
Examples
- name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
community.crypto.openssl_privatekey:
path: /etc/ssl/private/ansible.com.pem
- name: Get information on generated key
community.crypto.openssl_privatekey_info:
path: /etc/ssl/private/ansible.com.pem
register: result
- name: Dump information
ansible.builtin.debug:
var: result
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Whether the module was able to load the private key from disk. Returned: always |
|
Whether the module was able to parse the private key. Returned: always |
|
Whether the key is consistent. Can also return In case the check returns Returned: always |
|
Private key data. Depends on key type. Returned: success and when return_private_key_data is set to |
|
Public key data. Depends on key type. Returned: success |
|
The curve’s name for ECC. Returned: When |
|
The RSA key’s public exponent. Returned: When |
|
The maximum number of bits of a private key. This is basically the bit size of the subgroup used. Returned: When |
|
The This is the element spanning the subgroup of the multiplicative group of the prime field used. Returned: When |
|
The RSA key’s modulus. Returned: When |
|
The This is the prime modulus upon which arithmetic takes place. Returned: When |
|
The This is a prime that divides Returned: When |
|
Bit size of modulus (RSA) or prime number (DSA). Returned: When |
|
The Returned: When |
|
For For Returned: When |
|
Private key’s public key in PEM format. Returned: success Sample: “—–BEGIN PUBLIC KEY—–\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A…” |
|
Fingerprints of private key’s public key. For every hash algorithm available, the fingerprint is computed. Returned: success Sample: “{\u0027sha256\u0027: \u0027d4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63\u0027, \u0027sha512\u0027: \u0027f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1…” |
|
The key’s type. One of Will start with Returned: success Sample: “RSA” |
Authors
Felix Fontein (@felixfontein)
Yanis Guenane (@Spredzy)