openssl_privatekey_info – Provide information for OpenSSL private keys

From Get docs
Ansible/docs/2.8/modules/openssl privatekey info module


openssl_privatekey_info – Provide information for OpenSSL private keys

New in version 2.8.


Synopsis

  • This module allows one to query information on OpenSSL private keys.
  • In case the key consistency checks fail, the module will fail as this indicates a faked private key. In this case, all return variables are still returned. Note that key consistency checks are not available all key types; if none is available, none is returned for key_is_consistent.
  • It uses the pyOpenSSL or cryptography python library to interact with OpenSSL. If both the cryptography and PyOpenSSL libraries are available (and meet the minimum version requirements) cryptography will be preferred as a backend over PyOpenSSL (unless the backend is forced with select_crypto_backend)

Requirements

The below requirements are needed on the host that executes this module.

  • PyOpenSSL >= 0.15 or cryptography >= 1.2.3

Parameters

Parameter Choices/Defaults Comments

passphrase

string

The passphrase for the private key.

path

path / required

Remote absolute path where the private key file is loaded from.

return_private_key_data

boolean

  • no

  • yes

Whether to return private key data.

Only set this to yes when you want private information about this key to leave the remote machine.

WARNING: you have to make sure that private key data isn't accidentally logged!

select_crypto_backend

string

  • auto

  • cryptography
  • pyopenssl

Determines which crypto backend to use.

The default choice is auto, which tries to use cryptography if available, and falls back to pyopenssl.

If set to pyopenssl, will try to use the pyOpenSSL library.

If set to cryptography, will try to use the cryptography library.



See Also

See also

openssl_privatekey – Generate OpenSSL private keys
The official documentation on the openssl_privatekey module.


Examples

- name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
  openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem

- name: Get information on generated key
  openssl_privatekey_info:
    path: /etc/ssl/private/ansible.com.pem
  register: result

- name: Dump information
  debug:
    var: result

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

can_load_key

boolean

always

Whether the module was able to load the private key from disk


can_parse_key

boolean

always

Whether the module was able to parse the private key


key_is_consistent

boolean

always

Whether the key is consistent. Can also return none next to yes and no, to indicate that consistency couldn't be checked.

In case the check returns no, the module will fail.


private_data

dictionary

success and when return_private_key_data is set to yes

Private key data. Depends on key type.


public_data

dictionary

success

Public key data. Depends on key type.


public_key

string

success

Private key's public key in PEM format


Sample:


BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A...

public_key_fingerprints

dictionary

success

Fingerprints of private key's public key.

For every hash algorithm available, the fingerprint is computed.


Sample:

{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1...

type

string

success

The key's type.

One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

Will start with unknown if the key type cannot be determined.


Sample:

RSA




Status

Authors

  • Felix Fontein (@felixfontein)
  • Yanis Guenane (@Spredzy)

Hint

If you notice any issues in this documentation you can edit this document to improve it.


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/openssl_privatekey_info_module.html