apt_key - Add or remove an apt key
Synopsis
- Add or remove an apt key, optionally downloading it.
Options
parameter | required | default | choices | comments |
---|---|---|---|---|
data | no | The keyfile contents to add to the keyring. | ||
file | no | The path to a keyfile on the remote server to add to the keyring. | ||
id | no | The identifier of the key. Including this allows check mode to correctly report the changed state. If specifying a subkey's id be aware that apt-key does not understand how to remove keys via a subkey id. Specify the primary key's id instead. This parameter is required when state is set to absent . | ||
keyring (added in 1.3)
| no | -The path to specific keyring file in /etc/apt/trusted.gpg.d/ | ||
keyserver (added in 1.6)
| no | The keyserver to retrieve key from. | ||
state | no | present |
| Ensures that the key is present (added) or absent (revoked). |
url | no | The URL to retrieve key from. | ||
validate_certs | no | yes |
| If no , SSL certificates for the target url will not be validated. This should only be used on personally controlled sites using self-signed certificates. |
Examples
- name: Add an apt key by id from a keyserver apt_key: keyserver: keyserver.ubuntu.com id: 36A1D7869245C8950F966E92D8576A8BA88D21E9 - name: Add an Apt signing key, uses whichever key is at the URL apt_key: url: https://ftp-master.debian.org/keys/archive-key-6.0.asc state: present - name: Add an Apt signing key, will not download if present apt_key: id: 473041FA url: https://ftp-master.debian.org/keys/archive-key-6.0.asc state: present - name: Remove a Apt specific signing key, leading 0x is valid apt_key: id: 0x473041FA state: absent # Use armored file since utf-8 string is expected. Must be of "PGP PUBLIC KEY BLOCK" type. - name: Add a key from a file on the Ansible server. apt_key: data: "{{ lookup('file', 'apt.asc') }}" state: present - name: Add an Apt signing key to a specific keyring file apt_key: id: 473041FA url: https://ftp-master.debian.org/keys/archive-key-6.0.asc keyring: /etc/apt/trusted.gpg.d/debian.gpg - name: Add Apt signing key on remote server to keyring apt_key: id: 473041FA file: /tmp/apt.gpg state: present
Notes
Note
- doesn’t download the key unless it really needs it
- as a sanity check, downloaded key id must match the one specified
- best practice is to specify the key id and the url
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Maintenance Info
For more information about Red Hat’s this support of this module, please refer to this knowledge base article<https://access.redhat.com/articles/rhel-top-support-policies>
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/apt_key_module.html