apt_key – Add or remove an apt key
apt_key – Add or remove an apt key
Synopsis
- Add or remove an apt key, optionally downloading it.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
data - |
The keyfile contents to add to the keyring. | |
file - |
The path to a keyfile on the remote server to add to the keyring. | |
id - |
The identifier of the key. Including this allows check mode to correctly report the changed state. If specifying a subkey's id be aware that apt-key does not understand how to remove keys via a subkey id. Specify the primary key's id instead. This parameter is required when | |
keyring - added in 1.3 |
The full path to specific keyring file in /etc/apt/trusted.gpg.d/ | |
keyserver - added in 1.6 |
The keyserver to retrieve key from. | |
state - |
|
Ensures that the key is present (added) or absent (revoked). |
url - |
The URL to retrieve key from. | |
validate_certs boolean |
|
If |
Notes
Note
- Doesn’t download the key unless it really needs it.
- As a sanity check, downloaded key id must match the one specified.
- Best practice is to specify the key id and the URL.
- Adding a new key requires an apt cache update (e.g. using the apt module’s update_cache option)
Examples
- name: Add an apt key by id from a keyserver
apt_key:
keyserver: keyserver.ubuntu.com
id: 36A1D7869245C8950F966E92D8576A8BA88D21E9
- name: Add an Apt signing key, uses whichever key is at the URL
apt_key:
url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
state: present
- name: Add an Apt signing key, will not download if present
apt_key:
id: 473041FA
url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
state: present
- name: Remove a Apt specific signing key, leading 0x is valid
apt_key:
id: 0x473041FA
state: absent
# Use armored file since utf-8 string is expected. Must be of "PGP PUBLIC KEY BLOCK" type.
- name: Add a key from a file on the Ansible server.
apt_key:
data: "{{ lookup('file', 'apt.asc') }}"
state: present
- name: Add an Apt signing key to a specific keyring file
apt_key:
id: 473041FA
url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
keyring: /etc/apt/trusted.gpg.d/debian.gpg
- name: Add Apt signing key on remote server to keyring
apt_key:
id: 473041FA
file: /tmp/apt.gpg
state: present
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Core Team. [core]
Red Hat Support
More information about Red Hat’s support of this module is available from this Red Hat Knowledge Base article.
Authors
- Jayson Vantuyl (@jvantuyl)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.7/modules/apt_key_module.html