Try SpotterGenerate OpenSSL private keys.
| "added in version" 2.3 of ansible.builtin"
Authors: Yanis Guenane (@Spredzy)
preview | supported by community
pipInstall with pip install ansible==2.4.2.0.post1
This module allows one to (re)generate OpenSSL private keys. It uses the pyOpenSSL python library to interact with openssl. One can generate either RSA or DSA private keys. Keys are generated in PEM format. This module uses file common arguments to specify generated file permissions.
# Generate an OpenSSL private key with the default values (4096 bits, RSA)
- openssl_privatekey:
path: /etc/ssl/private/ansible.com.pem
# Generate an OpenSSL private key with the default values (4096 bits, RSA)
# and a passphrase
- openssl_privatekey:
path: /etc/ssl/private/ansible.com.pem
passphrase: ansible
cipher: aes256
# Generate an OpenSSL private key with a different size (2048 bits)
- openssl_privatekey:
path: /etc/ssl/private/ansible.com.pem
size: 2048
# Force regenerate an OpenSSL private key if it already exists
- openssl_privatekey:
path: /etc/ssl/private/ansible.com.pem
force: True
# Generate an OpenSSL private key with a different algorithm (DSA)
- openssl_privatekey:
path: /etc/ssl/private/ansible.com.pem
type: DSA
path:
description:
- Name of the file in which the generated TLS/SSL private key will be written. It
will have 0600 mode.
required: true
size:
default: 4096
description:
- Size (in bits) of the TLS/SSL key to generate
required: false
type:
choices:
- RSA
- DSA
default: RSA
description:
- The algorithm used to generate the TLS/SSL private key
required: false
force:
choices:
- true
- false
default: false
description:
- Should the key be regenerated even it it already exists
required: false
state:
choices:
- present
- absent
default: present
description:
- Whether the private key should exist or not, taking action if the state is different
from what is stated.
required: false
cipher:
description:
- The cipher to encrypt the private key. (cipher can be found by running `openssl
list-cipher-algorithms`)
required: false
version_added: '2.4'
version_added_collection: ansible.builtin
passphrase:
description:
- The passphrase for the private key.
required: false
version_added: '2.4'
version_added_collection: ansible.builtin
filename:
description: Path to the generated TLS/SSL private key file
returned: changed or success
sample: /etc/ssl/private/ansible.com.pem
type: string
fingerprint:
description: The fingerprint of the public key. Fingerprint will be generated for
each hashlib.algorithms available. Requires PyOpenSSL >= 16.0 for meaningful output.
returned: changed or success
sample:
md5: 84:75:71:72:8d:04:b5:6c:4d:37:6d:66:83:f5:4c:29
sha1: 51:cc:7c:68:5d:eb:41:43:88:7e:1a:ae:c7:f8:24:72:ee:71:f6:10
sha224: b1:19:a6:6c:14:ac:33:1d:ed:18:50:d3:06:5c:b2:32:91:f1:f1:52:8c:cb:d5:75:e9:f5:9b:46
sha256: 41:ab:c7:cb:d5:5f:30:60:46:99:ac:d4:00:70:cf:a1:76:4f:24:5d:10:24:57:5d:51:6e:09:97:df:2f:de:c7
sha384: 85:39:50:4e:de:d9:19:33:40:70:ae:10:ab:59:24:19:51:c3:a2:e4:0b:1c:b1:6e:dd:b3:0c:d9:9e:6a:46:af:da:18:f8:ef:ae:2e:c0:9a:75:2c:9b:b3:0f:3a:5f:3d
sha512: fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b
type: dict
size:
description: Size (in bits) of the TLS/SSL private key
returned: changed or success
sample: 4096
type: int
type:
description: Algorithm used to generate the TLS/SSL private key
returned: changed or success
sample: RSA
type: string