ansible / ansible.builtin / v2.15.2 / module / apt_key Add or remove an apt key | "added in version" 1.0 of ansible.builtin" Authors: Jayson Vantuyl (@jvantuyl)ansible.builtin.apt_key (v2.15.2) — module
pip
Install with pip install ansible-core==2.15.2
Add or remove an I(apt) key, optionally downloading it.
- name: One way to avoid apt_key once it is removed from your distro, armored keys should use .asc extension, binary should use .gpg block: - name: somerepo | no apt key ansible.builtin.get_url: url: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x36a1d7869245c8950f966e92d8576a8ba88d21e9 dest: /etc/apt/keyrings/myrepo.asc checksum: sha256:bb42f0db45d46bab5f9ec619e1a47360b94c27142e57aa71f7050d08672309e0 - name: somerepo | apt source ansible.builtin.apt_repository: repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/myrepo.asc] https://download.example.com/linux/ubuntu {{ ansible_distribution_release }} stable" state: present
- name: Add an apt key by id from a keyserver ansible.builtin.apt_key: keyserver: keyserver.ubuntu.com id: 36A1D7869245C8950F966E92D8576A8BA88D21E9
- name: Add an Apt signing key, uses whichever key is at the URL ansible.builtin.apt_key: url: https://ftp-master.debian.org/keys/archive-key-6.0.asc state: present
- name: Add an Apt signing key, will not download if present ansible.builtin.apt_key: id: 9FED2BCBDCD29CDF762678CBAED4B06F473041FA url: https://ftp-master.debian.org/keys/archive-key-6.0.asc state: present
- name: Remove a Apt specific signing key, leading 0x is valid ansible.builtin.apt_key: id: 0x9FED2BCBDCD29CDF762678CBAED4B06F473041FA state: absent
# Use armored file since utf-8 string is expected. Must be of "PGP PUBLIC KEY BLOCK" type. - name: Add a key from a file on the Ansible server ansible.builtin.apt_key: data: "{{ lookup('ansible.builtin.file', 'apt.asc') }}" state: present
- name: Add an Apt signing key to a specific keyring file ansible.builtin.apt_key: id: 9FED2BCBDCD29CDF762678CBAED4B06F473041FA url: https://ftp-master.debian.org/keys/archive-key-6.0.asc keyring: /etc/apt/trusted.gpg.d/debian.gpg
- name: Add Apt signing key on remote server to keyring ansible.builtin.apt_key: id: 9FED2BCBDCD29CDF762678CBAED4B06F473041FA file: /tmp/apt.gpg state: present
id: description: - The identifier of the key. - Including this allows check mode to correctly report the changed state. - If specifying a subkey's id be aware that apt-key does not understand how to remove keys via a subkey id. Specify the primary key's id instead. - This parameter is required when C(state) is set to C(absent). type: str url: description: - The URL to retrieve key from. type: str data: description: - The keyfile contents to add to the keyring. type: str file: description: - The path to a keyfile on the remote server to add to the keyring. type: path state: choices: - absent - present default: present description: - Ensures that the key is present (added) or absent (revoked). type: str keyring: description: - The full path to specific keyring file in C(/etc/apt/trusted.gpg.d/). type: path version_added: '1.3' version_added_collection: ansible.builtin keyserver: description: - The keyserver to retrieve key from. type: str version_added: '1.6' version_added_collection: ansible.builtin validate_certs: default: 'yes' description: - If C(false), SSL certificates for the target url will not be validated. This should only be used on personally controlled sites using self-signed certificates. type: bool
after: description: List of apt key ids or fingerprints after any modification returned: on change sample: - D8576A8BA88D21E9 - 3B4FE6ACC0B21F32 - D94AA3F0EFE21092 - 871920D1991BC93C type: list before: description: List of apt key ids or fingprints before any modifications returned: always sample: - 3B4FE6ACC0B21F32 - D94AA3F0EFE21092 - 871920D1991BC93C type: list fp: description: Fingerprint of the key to import returned: always sample: D8576A8BA88D21E9 type: str id: description: key id from source returned: always sample: 36A1D7869245C8950F966E92D8576A8BA88D21E9 type: str key_id: description: calculated key id, it should be same as 'id', but can be different returned: always sample: 36A1D7869245C8950F966E92D8576A8BA88D21E9 type: str short_id: description: calculated short key id returned: always sample: A88D21E9 type: str