community.crypto.crypto_info module – Retrieve cryptographic capabilities

Note

This module is part of the community.crypto collection (version 2.3.4).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.crypto.

To use it in a playbook, specify: community.crypto.crypto_info.

New in version 2.1.0: of community.crypto

Synopsis

  • Retrieve information on cryptographic capabilities.

  • The current version retrieves information on the Python cryptography library available to Ansible modules, and on the OpenSSL binary openssl found in the path.

Notes

Note

  • Supports check_mode.

Examples

- name: Retrieve information
  community.crypto.crypto_info:
    account_key_src: /etc/pki/cert/private/account.key
  register: crypto_information

- name: Show retrieved information
  ansible.builtin.debug:
    var: crypto_information

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

openssl

dictionary

Information on the installed OpenSSL binary.

Returned: when openssl_present=true

path

string

Path of the OpenSSL binary.

Returned: success

Sample: “/usr/bin/openssl”

version

string

The OpenSSL version.

Returned: success

Sample: “1.1.1m”

version_output

string

The complete output of openssl version.

Returned: success

Sample: “OpenSSL 1.1.1m 14 Dec 2021 “

openssl_present

boolean

Whether the OpenSSL binary openssl is installed and can be found in the PATH.

Returned: always

Sample: true

python_cryptography_capabilities

dictionary

Information on the installed Python cryptography library.

Returned: when python_cryptography_installed=true

curves

list / elements=string

List of all supported elliptic curves.

Theoretically this should be non-empty for version 0.5 and higher, depending on the libssl version used.

Returned: success

has_dsa

boolean

Whether DSA keys are supported.

Theoretically this should be the case for version 0.5 and higher.

Returned: success

has_dsa_sign

boolean

Whether signing with DSA keys is supported.

Theoretically this should be the case for version 1.5 and higher.

Returned: success

has_ec

boolean

Whether elliptic curves are supported.

Theoretically this should be the case for version 0.5 and higher, depending on the libssl version used.

Returned: success

has_ec_sign

boolean

Whether signing with elliptic curves is supported.

Theoretically this should be the case for version 1.5 and higher, depending on the libssl version used.

Returned: success

has_ed25519

boolean

Whether Ed25519 keys are supported.

Theoretically this should be the case for version 2.6 and higher, depending on the libssl version used.

Returned: success

has_ed25519_sign

boolean

Whether signing with Ed25519 keys is supported.

Theoretically this should be the case for version 2.6 and higher, depending on the libssl version used.

Returned: success

has_ed448

boolean

Whether Ed448 keys are supported.

Theoretically this should be the case for version 2.6 and higher, depending on the libssl version used.

Returned: success

has_ed448_sign

boolean

Whether signing with Ed448 keys is supported.

Theoretically this should be the case for version 2.6 and higher, depending on the libssl version used.

Returned: success

has_rsa

boolean

Whether RSA keys are supported.

Theoretically this should be the case for version 0.5 and higher.

Returned: success

has_rsa_sign

boolean

Whether signing with RSA keys is supported.

Theoretically this should be the case for version 1.4 and higher.

Returned: success

has_x25519

boolean

Whether X25519 keys are supported.

Theoretically this should be the case for version 2.0 and higher, depending on the libssl version used.

Returned: success

has_x25519_serialization

boolean

Whether serialization of X25519 keys is supported.

Theoretically this should be the case for version 2.5 and higher, depending on the libssl version used.

Returned: success

has_x448

boolean

Whether X448 keys are supported.

Theoretically this should be the case for version 2.5 and higher, depending on the libssl version used.

Returned: success

version

string

The library version.

Returned: success

python_cryptography_import_error

string

Import error when trying to import the Python cryptography library.

Returned: when python_cryptography_installed=false

python_cryptography_installed

boolean

Whether the Python cryptography library is installed.

Returned: always

Sample: true

Authors

  • Felix Fontein (@felixfontein)