maxhoesel / maxhoesel.smallstep / 0.23.1 / module / step_ca_revoke Revoke a Certificate | "added in version" 0.3.0 of maxhoesel.smallstep" Authors: Max Hösel (@maxhoesel)maxhoesel.smallstep.step_ca_revoke (0.23.1) — module
Install with ansible-galaxy collection install maxhoesel.smallstep:==0.23.1
collections: - name: maxhoesel.smallstep version: 0.23.1
Revoke a Certificate
# See https://smallstep.com/docs/step-cli/reference/ca/revoke for more examples - name: Revoke a local certificate maxhoesel.smallstep.step_ca_revoke: cert: internal.crt key: internal.key ca_url: https://ca.smallstep.com:9000
- name: Revoke a certificate via serial number maxhoesel.smallstep.step_ca_revoke: serial_number: 308893286343609293989051180431574390766 ca_url: https://ca.smallstep.com:9000 token: "{{ ca_token }}"
key: description: The path to the key corresponding to the cert that should be revoked. Can be let empty if I(serial_number) is defined. type: path cert: description: The path to the cert that should be revoked. Can be let empty if I(serial_number) is defined. type: path root: description: 'The path to the PEM file used as the root certificate authority. Used if the module is run in online mode (default) and the hosts C(step-cli) is not configured to trust the CA. ' type: path token: description: The one-time token used to authenticate with the CA in order to revoke the certificate. type: str ca_url: description: 'URI of the targeted Step Certificate Authority. Used if the module is run in online mode (default) and the hosts C(step-cli) is not configured to trust the CA. ' type: str reason: description: The string representing the reason for which the cert is being revoked. type: str offline: description: 'Don''t contact the CA. Offline mode uses the configuration, certificates, and keys created with step ca init, but can accept a different configuration file using the I(ca_config) flag. ' type: bool ca_config: description: The path to the certificate authority configuration file on the host. type: path reason_code: description: 'The reasonCode specifies the reason for revocation - chose from a list of common revocation reasons. If unset, the default is Unspecified. See https://smallstep.com/docs/step-cli/reference/ca/revoke for more details ' type: int serial_number: description: 'The serial number of the certificate that should be revoked. Can be left blank when using I(cert) and I(key) params for revocation over mTLS. ' type: int step_cli_executable: default: step-cli description: Name (or absolute path) of the C(step-cli) executable to use type: path