W3cubDocs

/Ansible

openssl_privatekey - Generate OpenSSL private keys.

New in version 2.3.

Synopsis
Requirements (on host that executes module)
Options
Examples
Return Values
- Status

Synopsis

This module allows one to (re)generate OpenSSL private keys. It uses the pyOpenSSL python library to interact with openssl. One can generate either RSA or DSA private keys. Keys are generated in PEM format. This module uses file common arguments to specify generated file permissions.

Requirements (on host that executes module)

python-pyOpenSSL

Options

parameter	required	default	choices	comments
cipher (added in 2.4)	no			The cipher to encrypt the private key. (cipher can be found by running `openssl list-cipher-algorithms`)
force	no		True False	Should the key be regenerated even it it already exists
passphrase (added in 2.4)	no			The passphrase for the private key.
path	yes			Name of the file in which the generated TLS/SSL private key will be written. It will have 0600 mode.
size	no	4096		Size (in bits) of the TLS/SSL key to generate
state	no	present	present absent	Whether the private key should exist or not, taking action if the state is different from what is stated.
type	no	RSA	RSA DSA	The algorithm used to generate the TLS/SSL private key

Examples

# Generate an OpenSSL private key with the default values (4096 bits, RSA)
- openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem

# Generate an OpenSSL private key with the default values (4096 bits, RSA)
# and a passphrase
- openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem
    passphrase: ansible
    cipher: aes256

# Generate an OpenSSL private key with a different size (2048 bits)
- openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem
    size: 2048

# Force regenerate an OpenSSL private key if it already exists
- openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem
    force: True

# Generate an OpenSSL private key with a different algorithm (DSA)
- openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem
    type: DSA

Return Values

Common return values are documented here Return Values, the following are the fields unique to this module:

name	description	returned	type	sample
size	Size (in bits) of the TLS/SSL private key	changed or success	int	4096
filename	Path to the generated TLS/SSL private key file	changed or success	string	/etc/ssl/private/ansible.com.pem
type	Algorithm used to generate the TLS/SSL private key	changed or success	string	RSA
fingerprint	The fingerprint of the public key. Fingerprint will be generated for each hashlib.algorithms available. Requires PyOpenSSL >= 16.0 for meaningful output.	changed or success	dict	{'sha1': '51:cc:7c:68:5d:eb:41:43:88:7e:1a:ae:c7:f8:24:72:ee:71:f6:10', 'sha384': '85:39:50:4e:de:d9:19:33:40:70:ae:10:ab:59:24:19:51:c3:a2:e4:0b:1c:b1:6e:dd:b3:0c:d9:9e:6a:46:af:da:18:f8:ef:ae:2e:c0:9a:75:2c:9b:b3:0f:3a:5f:3d', 'sha224': 'b1:19:a6:6c:14:ac:33:1d:ed:18:50:d3:06:5c:b2:32:91:f1:f1:52:8c:cb:d5:75:e9:f5:9b:46', 'sha256': '41:ab:c7:cb:d5:5f:30:60:46:99:ac:d4:00:70:cf:a1:76:4f:24:5d:10:24:57:5d:51:6e:09:97:df:2f:de:c7', 'sha512': 'fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b', 'md5': '84:75:71:72:8d:04:b5:6c:4d:37:6d:66:83:f5:4c:29'}

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2017 Michael DeHaan
© 2017 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/openssl_privatekey_module.html