community.general.pacman_key module – Manage pacman’s list of trusted keys
Note
This module is part of the community.general collection (version 9.5.1).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: community.general.pacman_key
.
New in community.general 3.2.0
Synopsis
Add or remove gpg keys from the pacman keyring.
Requirements
The below requirements are needed on the host that executes this module.
gpg
pacman-key
Parameters
Parameter |
Comments |
---|---|
The keyfile contents to add to the keyring. Must be of |
|
The path to a keyfile on the remote server to add to the keyring. Remote file must be of |
|
This forces the key to be updated if it already exists in the keyring. Choices:
|
|
The 40 character identifier of the key. Including this allows check mode to correctly report the changed state. Do not specify a subkey ID, instead specify the primary key ID. |
|
The full path to the keyring folder on the remote server. If not specified, module will use pacman’s default ( Useful if the remote system requires an alternative gnupg directory. Default: |
|
The keyserver used to retrieve key from. |
|
Ensures that the key is present (added) or absent (revoked). Choices:
|
|
The URL to retrieve keyfile from. Remote file must be of |
|
Whether or not to verify the keyfile’s key ID against specified key ID. Choices:
|
Attributes
Attribute |
Support |
Description |
---|---|---|
Support: full |
Can run in |
|
Support: none |
Will return details on what has changed (or possibly needs changing in |
Notes
Note
Use full-length key ID (40 characters).
Keys will be verified when using
data
,file
, orurl
unlessverify
is overridden.Keys will be locally signed after being imported into the keyring.
If the key ID exists in the keyring, the key will not be added unless
force_update
is specified.
Examples
- name: Import a key via local file
community.general.pacman_key:
id: 01234567890ABCDE01234567890ABCDE12345678
data: "{{ lookup('file', 'keyfile.asc') }}"
state: present
- name: Import a key via remote file
community.general.pacman_key:
id: 01234567890ABCDE01234567890ABCDE12345678
file: /tmp/keyfile.asc
state: present
- name: Import a key via url
community.general.pacman_key:
id: 01234567890ABCDE01234567890ABCDE12345678
url: https://domain.tld/keys/keyfile.asc
state: present
- name: Import a key via keyserver
community.general.pacman_key:
id: 01234567890ABCDE01234567890ABCDE12345678
keyserver: keyserver.domain.tld
- name: Import a key into an alternative keyring
community.general.pacman_key:
id: 01234567890ABCDE01234567890ABCDE12345678
file: /tmp/keyfile.asc
keyring: /etc/pacman.d/gnupg-alternative
- name: Remove a key from the keyring
community.general.pacman_key:
id: 01234567890ABCDE01234567890ABCDE12345678
state: absent