community.general.pacman_key – Manage pacman’s list of trusted keys
Note
This plugin is part of the community.general collection (version 3.8.1).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.pacman_key
.
New in version 3.2.0: of community.general
Synopsis
- Add or remove gpg keys from the pacman keyring.
Requirements
The below requirements are needed on the host that executes this module.
- gpg
- pacman-key
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
data string | The keyfile contents to add to the keyring. Must be of PGP PUBLIC KEY BLOCK type. | |
file path | The path to a keyfile on the remote server to add to the keyring. Remote file must be of PGP PUBLIC KEY BLOCK type. | |
force_update boolean |
| This forces the key to be updated if it already exists in the keyring. |
id string / required | The 40 character identifier of the key. Including this allows check mode to correctly report the changed state. Do not specify a subkey ID, instead specify the primary key ID. | |
keyring path | Default: "/etc/pacman.d/gnupg" | The full path to the keyring folder on the remote server. If not specified, module will use pacman's default ( /etc/pacman.d/gnupg ).Useful if the remote system requires an alternative gnupg directory. |
keyserver string | The keyserver used to retrieve key from. | |
state string |
| Ensures that the key is present (added) or absent (revoked). |
url string | The URL to retrieve keyfile from. Remote file must be of PGP PUBLIC KEY BLOCK type. | |
verify boolean |
| Whether or not to verify the keyfile's key ID against specified key ID. |
Notes
Note
- Use full-length key ID (40 characters).
- Keys will be verified when using data, file, or url unless verify is overridden.
- Keys will be locally signed after being imported into the keyring.
- If the key ID exists in the keyring, the key will not be added unless force_update is specified.
- data, file, url, and keyserver are mutually exclusive.
- Supports
check_mode
.
Examples
- name: Import a key via local file community.general.pacman_key: data: "{{ lookup('file', 'keyfile.asc') }}" state: present - name: Import a key via remote file community.general.pacman_key: file: /tmp/keyfile.asc state: present - name: Import a key via url community.general.pacman_key: id: 01234567890ABCDE01234567890ABCDE12345678 url: https://domain.tld/keys/keyfile.asc state: present - name: Import a key via keyserver community.general.pacman_key: id: 01234567890ABCDE01234567890ABCDE12345678 keyserver: keyserver.domain.tld - name: Import a key into an alternative keyring community.general.pacman_key: id: 01234567890ABCDE01234567890ABCDE12345678 file: /tmp/keyfile.asc keyring: /etc/pacman.d/gnupg-alternative - name: Remove a key from the keyring community.general.pacman_key: id: 01234567890ABCDE01234567890ABCDE12345678 state: absent
Authors
- George Rawlinson (@grawlinson)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/pacman_key_module.html