W3cubDocs

/Ansible

openssl_publickey - Generate an OpenSSL public key from its private key.

New in version 2.3.

Synopsis
Requirements (on host that executes module)
Options
Examples
Return Values
- Status

Synopsis

This module allows one to (re)generate OpenSSL public keys from their private keys. It uses the pyOpenSSL python library to interact with openssl. Keys are generated in PEM format. This module works only if the version of PyOpenSSL is recent enough (> 16.0.0). This module uses file common arguments to specify generated file permissions.

Requirements (on host that executes module)

python-pyOpenSSL

Options

parameter	required	default	choices	comments
force	no		True False	Should the key be regenerated even it it already exists
format (added in 2.4)	no	PEM	PEM OpenSSH	The format of the public key.
path	yes			Name of the file in which the generated TLS/SSL public key will be written.
privatekey_passphrase (added in 2.4)	no			The passphrase for the privatekey.
privatekey_path	yes			Path to the TLS/SSL private key from which to generate the public key.
state	no	present	present absent	Whether the public key should exist or not, taking action if the state is different from what is stated.

Examples

# Generate an OpenSSL public key in PEM format.
- openssl_publickey:
    path: /etc/ssl/public/ansible.com.pem
    privatekey_path: /etc/ssl/private/ansible.com.pem

# Generate an OpenSSL public key in OpenSSH v2 format.
- openssl_publickey:
    path: /etc/ssl/public/ansible.com.pem
    privatekey_path: /etc/ssl/private/ansible.com.pem
    format: OpenSSH

# Generate an OpenSSL public key with a passphrase protected
# private key
- openssl_publickey:
    path: /etc/ssl/public/ansible.com.pem
    privatekey_path: /etc/ssl/private/ansible.com.pem
    privatekey_passphrase: ansible

# Force regenerate an OpenSSL public key if it already exists
- openssl_publickey:
    path: /etc/ssl/public/ansible.com.pem
    privatekey_path: /etc/ssl/private/ansible.com.pem
    force: True

# Remove an OpenSSL public key
- openssl_publickey:
    path: /etc/ssl/public/ansible.com.pem
    privatekey_path: /etc/ssl/private/ansible.com.pem
    state: absent

Return Values

Common return values are documented here Return Values, the following are the fields unique to this module:

name	description	returned	type	sample
format	The format of the public key (PEM, OpenSSH, ...)	changed or success	string	PEM
filename	Path to the generated TLS/SSL public key file	changed or success	string	/etc/ssl/public/ansible.com.pem
privatekey	Path to the TLS/SSL private key the public key was generated from	changed or success	string	/etc/ssl/private/ansible.com.pem
fingerprint	The fingerprint of the public key. Fingerprint will be generated for each hashlib.algorithms available. Requires PyOpenSSL >= 16.0 for meaningful output.	changed or success	dict	{'sha1': '51:cc:7c:68:5d:eb:41:43:88:7e:1a:ae:c7:f8:24:72:ee:71:f6:10', 'sha384': '85:39:50:4e:de:d9:19:33:40:70:ae:10:ab:59:24:19:51:c3:a2:e4:0b:1c:b1:6e:dd:b3:0c:d9:9e:6a:46:af:da:18:f8:ef:ae:2e:c0:9a:75:2c:9b:b3:0f:3a:5f:3d', 'sha224': 'b1:19:a6:6c:14:ac:33:1d:ed:18:50:d3:06:5c:b2:32:91:f1:f1:52:8c:cb:d5:75:e9:f5:9b:46', 'sha256': '41:ab:c7:cb:d5:5f:30:60:46:99:ac:d4:00:70:cf:a1:76:4f:24:5d:10:24:57:5d:51:6e:09:97:df:2f:de:c7', 'sha512': 'fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b', 'md5': '84:75:71:72:8d:04:b5:6c:4d:37:6d:66:83:f5:4c:29'}

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2017 Michael DeHaan
© 2017 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/openssl_publickey_module.html