openssl_privatekey - Generate OpenSSL private keys.
New in version 2.3.
Synopsis
- This module allows one to (re)generate OpenSSL private keys. It uses the pyOpenSSL Python library to interact with OpenSSL. One can generate either RSA or DSA private keys. Keys are generated in PEM format. This module uses the common file arguments to specify the permissions of the generated file.
Requirements (on host that executes module)
- python-pyOpenSSL
Options
parameter | required | default | choices | comments |
---|---|---|---|---|
cipher (added in 2.4) | no | | | The cipher to encrypt the private key. (cipher can be found by running `openssl list-cipher-algorithms`) |
force | no | | | Should the key be regenerated even if it already exists |
passphrase (added in 2.4) | no | | | The passphrase for the private key. |
path | yes | | | Name of the file in which the generated TLS/SSL private key will be written. It will have 0600 mode. |
size | no | 4096 | | Size (in bits) of the TLS/SSL key to generate |
state | no | present | | Whether the private key should exist or not, taking action if the state is different from what is stated. |
type | no | RSA | | The algorithm used to generate the TLS/SSL private key |
Examples
```yaml
# Generate an OpenSSL private key with the default values (4096 bits, RSA)
- openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem

# Generate an OpenSSL private key with the default values (4096 bits, RSA)
# and a passphrase
- openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem
    passphrase: ansible
    cipher: aes256

# Generate an OpenSSL private key with a different size (2048 bits)
- openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem
    size: 2048

# Force regenerate an OpenSSL private key if it already exists
- openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem
    force: True

# Generate an OpenSSL private key with a different algorithm (DSA)
- openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem
    type: DSA
```
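The following check is an added example, not part of the Ansible documentation or the module's own code: it audits a key file for the two properties the options above describe, mode 0600 and passphrase encryption of the PEM. The function names and the sample PEM text are constructed for illustration; the samples carry placeholder bodies, not real keys.

```python
import os
import re
import stat
import tempfile

PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----", re.M)


def audit_private_key(path):
    """Return a list of findings for a PEM private key file ([] means OK)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # The module documents mode 0600; any group/other bit exposes the key.
    if mode & 0o077:
        findings.append("mode %04o grants group/other access" % mode)
    with open(path, "r", errors="replace") as fh:
        text = fh.read()
    match = PEM_BEGIN.search(text)
    if not match:
        findings.append("no PEM private key header found")
        return findings
    # PKCS#8 encryption has its own label; traditional PEM encryption keeps
    # the algorithm label and adds a "Proc-Type: 4,ENCRYPTED" header.
    encrypted = (match.group(1) == "ENCRYPTED PRIVATE KEY"
                 or "Proc-Type: 4,ENCRYPTED" in text)
    if not encrypted:
        findings.append("key is stored without passphrase encryption")
    return findings


def audit_sample(body, mode):
    """Write constructed sample content to a temp file, audit it, clean up."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)
        return audit_private_key(path)
    finally:
        os.remove(path)


# Constructed samples: real PEM framing, placeholder bodies (not real keys).
PLAIN = "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n"
ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
             "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
             "PLACEHOLDER\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(audit_sample(PLAIN, 0o644))      # two findings
    print(audit_sample(ENCRYPTED, 0o600))  # no findings
```

Run `audit_private_key()` against the `path` value from a playbook to confirm that a key deployed on a host still matches what the task declared.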
Return Values
Common return values are documented in Return Values; the following are the fields unique to this module:
name | description | returned | type | sample |
---|---|---|---|---|
filename | Path to the generated TLS/SSL private key file | changed or success | string | /etc/ssl/private/ansible.com.pem |
fingerprint | The fingerprint of the public key. Fingerprint will be generated for each hashlib.algorithms available. Requires PyOpenSSL >= 16.0 for meaningful output. | changed or success | dict | {'sha1': '51:cc:7c:68:5d:eb:41:43:88:7e:1a:ae:c7:f8:24:72:ee:71:f6:10', 'sha384': '85:39:50:4e:de:d9:19:33:40:70:ae:10:ab:59:24:19:51:c3:a2:e4:0b:1c:b1:6e:dd:b3:0c:d9:9e:6a:46:af:da:18:f8:ef:ae:2e:c0:9a:75:2c:9b:b3:0f:3a:5f:3d', 'sha224': 'b1:19:a6:6c:14:ac:33:1d:ed:18:50:d3:06:5c:b2:32:91:f1:f1:52:8c:cb:d5:75:e9:f5:9b:46', 'sha256': '41:ab:c7:cb:d5:5f:30:60:46:99:ac:d4:00:70:cf:a1:76:4f:24:5d:10:24:57:5d:51:6e:09:97:df:2f:de:c7', 'sha512': 'fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b', 'md5': '84:75:71:72:8d:04:b5:6c:4d:37:6d:66:83:f5:4c:29'} |
size | Size (in bits) of the TLS/SSL private key | changed or success | int | 4096 |
type | Algorithm used to generate the TLS/SSL private key | changed or success | string | RSA |
Status
This module is flagged as preview, which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/openssl_privatekey_module.html