ansible.builtin.rpm_key – Adds or removes a gpg key from the rpm db

Note

This module is part of ansible-core and included in all Ansible installations. In most cases, you can use the short module name rpm_key even without specifying the collections: keyword. However, we recommend you use the FQCN for easy linking to the module documentation and to avoid conflicting with other collections that may have the same module name.

New in version 1.3: of ansible.builtin

Synopsis

  • Adds or removes (rpm –import) a gpg key to your rpm database.

Parameters

Parameter Choices/Defaults Comments
fingerprint
string
added in 2.9 of ansible.builtin
The long-form fingerprint of the key being imported.
This will be used to verify the specified key.
key
string / required
Key that will be modified. Can be a url, a file on the managed node, or a keyid if the key already exists in the database.
state
string
    Choices:
  • absent
  • present ←
If the key will be imported or removed from the rpm db.
validate_certs
boolean
    Choices:
  • no
  • yes ←
If no and the key is a url starting with https, SSL certificates will not be validated.
This should only be used on personally controlled sites using self-signed certificates.

Notes

Note

  • Supports check_mode.

Examples

- name: Import a key from a url
  ansible.builtin.rpm_key:
    state: present
    key: http://apt.sw.be/RPM-GPG-KEY.dag.txt

- name: Import a key from a file
  ansible.builtin.rpm_key:
    state: present
    key: /path/to/key.gpg

- name: Ensure a key is not present in the db
  ansible.builtin.rpm_key:
    state: absent
    key: DEADB33F

- name: Verify the key, using a fingerprint, before import
  ansible.builtin.rpm_key:
    key: /path/to/RPM-GPG-KEY.dag.txt
    fingerprint: EBC6 E12C 62B1 C734 026B  2122 A20E 5214 6B8D 79E6

Authors