openssl_publickey - Generate an OpenSSL public key from its private key.
New in version 2.3.
Synopsis
- This module allows one to (re)generate OpenSSL public keys from their private keys. It uses the pyOpenSSL python library to interact with openssl. Keys are generated in PEM format. This module works only if the version of PyOpenSSL is recent enough (> 16.0.0). This module uses file common arguments to specify generated file permissions.
Requirements (on host that executes module)
- python-pyOpenSSL
Options
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| force | no |
| Should the key be regenerated even it it already exists | |
| format (added in 2.4)
| no | PEM |
| The format of the public key. |
| path | yes | Name of the file in which the generated TLS/SSL public key will be written. | ||
| privatekey_passphrase (added in 2.4)
| no | The passphrase for the privatekey. | ||
| privatekey_path | yes | Path to the TLS/SSL private key from which to generate the public key. | ||
| state | no | present |
| Whether the public key should exist or not, taking action if the state is different from what is stated. |
Examples
# Generate an OpenSSL public key in PEM format.
- openssl_publickey:
path: /etc/ssl/public/ansible.com.pem
privatekey_path: /etc/ssl/private/ansible.com.pem
# Generate an OpenSSL public key in OpenSSH v2 format.
- openssl_publickey:
path: /etc/ssl/public/ansible.com.pem
privatekey_path: /etc/ssl/private/ansible.com.pem
format: OpenSSH
# Generate an OpenSSL public key with a passphrase protected
# private key
- openssl_publickey:
path: /etc/ssl/public/ansible.com.pem
privatekey_path: /etc/ssl/private/ansible.com.pem
privatekey_passphrase: ansible
# Force regenerate an OpenSSL public key if it already exists
- openssl_publickey:
path: /etc/ssl/public/ansible.com.pem
privatekey_path: /etc/ssl/private/ansible.com.pem
force: True
# Remove an OpenSSL public key
- openssl_publickey:
path: /etc/ssl/public/ansible.com.pem
privatekey_path: /etc/ssl/private/ansible.com.pem
state: absent
Return Values
Common return values are documented here Return Values, the following are the fields unique to this module:
| name | description | returned | type | sample |
|---|---|---|---|---|
| filename | Path to the generated TLS/SSL public key file | changed or success | string | /etc/ssl/public/ansible.com.pem |
| fingerprint | The fingerprint of the public key. Fingerprint will be generated for each hashlib.algorithms available. Requires PyOpenSSL >= 16.0 for meaningful output. | changed or success | dict | {'sha1': '51:cc:7c:68:5d:eb:41:43:88:7e:1a:ae:c7:f8:24:72:ee:71:f6:10', 'sha384': '85:39:50:4e:de:d9:19:33:40:70:ae:10:ab:59:24:19:51:c3:a2:e4:0b:1c:b1:6e:dd:b3:0c:d9:9e:6a:46:af:da:18:f8:ef:ae:2e:c0:9a:75:2c:9b:b3:0f:3a:5f:3d', 'sha224': 'b1:19:a6:6c:14:ac:33:1d:ed:18:50:d3:06:5c:b2:32:91:f1:f1:52:8c:cb:d5:75:e9:f5:9b:46', 'sha256': '41:ab:c7:cb:d5:5f:30:60:46:99:ac:d4:00:70:cf:a1:76:4f:24:5d:10:24:57:5d:51:6e:09:97:df:2f:de:c7', 'sha512': 'fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b', 'md5': '84:75:71:72:8d:04:b5:6c:4d:37:6d:66:83:f5:4c:29'} |
| format | The format of the public key (PEM, OpenSSH, ...) | changed or success | string | PEM |
| privatekey | Path to the TLS/SSL private key the public key was generated from | changed or success | string | /etc/ssl/private/ansible.com.pem |
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/openssl_publickey_module.html