openssl_privatekey_info – Provide information for OpenSSL private keys
openssl_privatekey_info – Provide information for OpenSSL private keys
New in version 2.8.
Synopsis
- This module allows one to query information on OpenSSL private keys.
- In case the key consistency checks fail, the module will fail as this indicates a faked private key. In this case, all return variables are still returned. Note that key consistency checks are not available all key types; if none is available,
none
is returned forkey_is_consistent
. - It uses the pyOpenSSL or cryptography python library to interact with OpenSSL. If both the cryptography and PyOpenSSL libraries are available (and meet the minimum version requirements) cryptography will be preferred as a backend over PyOpenSSL (unless the backend is forced with
select_crypto_backend
)
Requirements
The below requirements are needed on the host that executes this module.
- PyOpenSSL >= 0.15 or cryptography >= 1.2.3
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
passphrase string |
The passphrase for the private key. | |
path path / required |
Remote absolute path where the private key file is loaded from. | |
return_private_key_data boolean |
|
Whether to return private key data. Only set this to WARNING: you have to make sure that private key data isn't accidentally logged! |
select_crypto_backend string |
|
Determines which crypto backend to use. The default choice is If set to If set to |
See Also
See also
- openssl_privatekey – Generate OpenSSL private keys
- The official documentation on the openssl_privatekey module.
Examples
- name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
openssl_privatekey:
path: /etc/ssl/private/ansible.com.pem
- name: Get information on generated key
openssl_privatekey_info:
path: /etc/ssl/private/ansible.com.pem
register: result
- name: Dump information
debug:
var: result
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
can_load_key boolean |
always |
Whether the module was able to load the private key from disk
|
can_parse_key boolean |
always |
Whether the module was able to parse the private key
|
key_is_consistent boolean |
always |
Whether the key is consistent. Can also return In case the check returns
|
private_data dictionary |
success and when return_private_key_data is set to yes
|
Private key data. Depends on key type.
|
public_data dictionary |
success |
Public key data. Depends on key type.
|
public_key string |
success |
Private key's public key in PEM format
Sample: BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A... |
public_key_fingerprints dictionary |
success |
Fingerprints of private key's public key. For every hash algorithm available, the fingerprint is computed.
Sample: {'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1... |
type string |
success |
The key's type. One of Will start with
Sample: RSA |
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Felix Fontein (@felixfontein)
- Yanis Guenane (@Spredzy)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/openssl_privatekey_info_module.html