community.general.java_keystore – Create or delete a Java keystore in JKS format.

Note

This plugin is part of the community.general collection.

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.java_keystore.

Synopsis

  • Create or delete a Java keystore in JKS format for a given certificate.

Requirements

The below requirements are needed on the host that executes this module.

  • openssl

  • keytool

Parameters

| Parameter | Choices/Defaults | Comments |
|---|---|---|
| certificate (string / required) | | Certificate that should be used to create the key store. |
| dest (string / required) | | Absolute path where the jks should be generated. |
| force (boolean) | Choices: no (default), yes | Key store will be created even if it already exists. |
| group (string) | | Name of the group that should own the jks file. |
| mode (string) | | Mode the file should be. |
| name (string / required) | | Name of the certificate. |
| owner (string) | | Name of the user that should own the jks file. |
| password (string / required) | | Password that should be used to secure the key store. |
| private_key (string / required) | | Private key that should be used to create the key store. |
| private_key_passphrase (string, added in 0.2.0 of community.general) | | Pass phrase for reading the private key, if required. |

Examples

- name: Create a key store for the given certificate (inline)
  community.general.java_keystore:
    name: example
    certificate: |
      -----BEGIN CERTIFICATE-----
      h19dUZ2co2fI/ibYiwxWk4aeNE6KWvCaTQOMQ8t6Uo2XKhpL/xnjoAgh1uCQN/69
      MG+34+RhUWzCfdZH7T8/qDxJw2kEPKluaYh7KnMsba+5jHjmtzix5QIDAQABo4IB
      -----END CERTIFICATE-----
    private_key: |
      -----BEGIN RSA PRIVATE KEY-----
      DBVFTEVDVFJJQ0lURSBERSBGUkFOQ0UxFzAVBgNVBAsMDjAwMDIgNTUyMDgxMzE3
      GLlDNMw/uHyME7gHFsqJA7O11VY6O5WQ4IDP3m/s5ZV6s+Nn6Lerz17VZ99
      -----END RSA PRIVATE KEY-----
    password: changeit
    dest: /etc/security/keystore.jks

- name: Create a key store for the given certificate (lookup)
  community.general.java_keystore:
    name: example
    certificate: "{{lookup('file', '/path/to/certificate.crt') }}"
    private_key: "{{lookup('file', '/path/to/private.key') }}"
    password: changeit
    dest: /etc/security/keystore.jks
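
Both examples above keep the keystore password in the playbook, and the inline one keeps the private key there as well. The play below is an added example, not part of the module's own documentation: it takes the secrets from Ansible Vault variables, restricts the file through owner, group and mode, and then checks the result. The vault_* variable names, the vars file, the app_servers group and the tomcat account are assumptions.

```yaml
# Added example: vault_* variables, the vars file, the inventory group and the
# tomcat account are assumptions, not values from the module documentation.
- name: Build a JKS keystore without exposing secrets
  hosts: app_servers                # hypothetical inventory group
  become: true
  vars_files:
    - vars/keystore_vault.yml       # hypothetical file encrypted with ansible-vault
  tasks:
    - name: Create the key store from vaulted material
      community.general.java_keystore:
        name: example
        certificate: "{{ lookup('file', '/path/to/certificate.crt') }}"
        private_key: "{{ vault_private_key }}"
        # private_key_passphrase needs community.general 0.2.0 or later
        private_key_passphrase: "{{ vault_private_key_passphrase }}"
        password: "{{ vault_keystore_password }}"
        dest: /etc/security/keystore.jks
        owner: tomcat
        group: tomcat
        mode: "0600"
      no_log: true   # keeps module arguments and the cmd/msg results out of logs

    - name: Read back ownership and mode of the key store
      ansible.builtin.stat:
        path: /etc/security/keystore.jks
      register: jks

    - name: Fail if the key store is not restricted to its owner
      ansible.builtin.assert:
        that:
          - jks.stat.exists
          - jks.stat.pw_name == 'tomcat'
          - jks.stat.gr_name == 'tomcat'
          - jks.stat.mode == '0600'
        fail_msg: "keystore.jks ownership or mode differs from tomcat:tomcat 0600"
```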

Return Values

Common return values are documented here; the following fields are unique to this module:

| Key | Returned | Description |
|---|---|---|
| cmd (string) | changed and failure | Executed command to get action done. Sample: openssl x509 -noout -in /tmp/cert.crt -fingerprint -sha256 |
| msg (string) | changed and failure | Output from stdout of keytool/openssl command after execution of given command or an error. Sample: Unable to find the current certificate fingerprint in ... |
| rc (integer) | changed and failure | keytool/openssl command execution return value. Sample: 0 |


Authors

  • Guillaume Grossetie (@Mogztter)