You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

apt_key - Add or remove an apt key¶

Synopsis
Options
Examples
Notes
- Status
- Maintenance Info

Synopsis ¶

Add or remove an apt key, optionally downloading it.

Options ¶

parameter	required	default	choices	comments
data	no			The keyfile contents to add to the keyring.
file	no			The path to a keyfile on the remote server to add to the keyring.
id	no			The identifier of the key. Including this allows check mode to correctly report the changed state. If specifying a subkey's id be aware that apt-key does not understand how to remove keys via a subkey id. Specify the primary key's id instead. This parameter is required when `state` is set to `absent`.
keyring (added in 1.3)	no			-The path to specific keyring file in /etc/apt/trusted.gpg.d/
keyserver (added in 1.6)	no			The keyserver to retrieve key from.
state	no	present	absent present	Ensures that the key is present (added) or absent (revoked).
url	no			The URL to retrieve key from.
validate_certs	no	yes	yes no	If `no`, SSL certificates for the target url will not be validated. This should only be used on personally controlled sites using self-signed certificates.

Examples ¶

- name: Add an apt key by id from a keyserver
  apt_key:
    keyserver: keyserver.ubuntu.com
    id: 36A1D7869245C8950F966E92D8576A8BA88D21E9

- name: Add an Apt signing key, uses whichever key is at the URL
  apt_key:
    url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
    state: present

- name: Add an Apt signing key, will not download if present
  apt_key:
    id: 473041FA
    url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
    state: present

- name: Remove a Apt specific signing key, leading 0x is valid
  apt_key:
    id: 0x473041FA
    state: absent

# Use armored file since utf-8 string is expected. Must be of "PGP PUBLIC KEY BLOCK" type.
- name: Add a key from a file on the Ansible server.
  apt_key:
    data: "{{ lookup('file', 'apt.asc') }}"
    state: present

- name: Add an Apt signing key to a specific keyring file
  apt_key:
    id: 473041FA
    url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
    keyring: /etc/apt/trusted.gpg.d/debian.gpg

- name: Add Apt signing key on remote server to keyring
  apt_key:
    id: 473041FA
    file: /tmp/apt.gpg
    state: present

Notes ¶

Note

doesn’t download the key unless it really needs it
as a sanity check, downloaded key id must match the one specified
best practice is to specify the key id and the url

Status ¶

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance Info ¶

For more information about Red Hat’s this support of this module, please refer to this knowledge base article<https://access.redhat.com/articles/rhel-top-support-policies>

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.