community.crypto.openssl_signature – Sign data with openssl
community.crypto.openssl_signature – Sign data with openssl
Note
This plugin is part of the community.crypto collection (version 1.4.0).
To install it use: ansible-galaxy collection install community.crypto
.
To use it in a playbook, specify: community.crypto.openssl_signature
.
New in version 1.1.0: of community.crypto
Synopsis
- This module allows one to sign data using a private key.
- The module can use the cryptography Python library, or the pyOpenSSL Python library. By default, it tries to detect which one is available. This can be overridden with the select_crypto_backend option. Please note that the PyOpenSSL backend was deprecated in Ansible 2.9 and will be removed in community.crypto 2.0.0.
Requirements
The below requirements are needed on the host that executes this module.
- Either cryptography >= 1.4 (some key types require newer versions)
- Or pyOpenSSL >= 0.11 (Ed25519 and Ed448 keys are not supported with this backend)
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
path path / required |
The file to sign. This file will only be read and not modified. | |
privatekey_content string |
The content of the private key to use when signing the certificate signing request. Either privatekey_path or privatekey_content must be specified, but not both. | |
privatekey_passphrase string |
The passphrase for the private key. This is required if the private key is password protected. | |
privatekey_path path |
The path to the private key to use when signing. Either privatekey_path or privatekey_content must be specified, but not both. | |
select_crypto_backend string |
|
Determines which crypto backend to use. The default choice is If set to If set to |
Notes
Note
- When using the
cryptography
backend, the following key types require at least the followingcryptography
version: RSA keys:cryptography
>= 1.4 DSA and ECDSA keys:cryptography
>= 1.5 ed448 and ed25519 keys:cryptography
>= 2.6
See Also
See also
- community.crypto.openssl_signature_info
- The official documentation on the community.crypto.openssl_signature_info module.
- community.crypto.openssl_privatekey
- The official documentation on the community.crypto.openssl_privatekey module.
Examples
- name: Sign example file
community.crypto.openssl_signature:
privatekey_path: private.key
path: /tmp/example_file
register: sig
- name: Verify signature of example file
community.crypto.openssl_signature_info:
certificate_path: cert.pem
path: /tmp/example_file
signature: "{{ sig.signature }}"
register: verify
- name: Make sure the signature is valid
assert:
that:
- verify.valid
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
signature string |
success |
Base64 encoded signature.
|
Authors
- Patrick Pichler (@aveexy)
- Markus Teufelberger (@MarkusTeufelberger)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/community/crypto/openssl_signature_module.html