New in version 2.8.
none is returned for key_is_consistent.select_crypto_backend). Please note that the PyOpenSSL backend was deprecated in Ansible 2.9 and will be removed in Ansible 2.13.The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| passphrase string | The passphrase for the private key. | |
| path path / required | Remote absolute path where the private key file is loaded from. | |
| return_private_key_data boolean |
| Whether to return private key data. Only set this to yes when you want private information about this key to leave the remote machine.WARNING: you have to make sure that private key data isn't accidentally logged! |
| select_crypto_backend string |
| Determines which crypto backend to use. The default choice is auto, which tries to use cryptography if available, and falls back to pyopenssl.If set to pyopenssl, will try to use the pyOpenSSL library.If set to cryptography, will try to use the cryptography library.Please note that the pyopenssl backend has been deprecated in Ansible 2.9, and will be removed in Ansible 2.13. From that point on, only the cryptography backend will be available. |
See also
- name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
openssl_privatekey:
path: /etc/ssl/private/ansible.com.pem
- name: Get information on generated key
openssl_privatekey_info:
path: /etc/ssl/private/ansible.com.pem
register: result
- name: Dump information
debug:
var: result
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| can_load_key boolean | always | Whether the module was able to load the private key from disk |
| can_parse_key boolean | always | Whether the module was able to parse the private key |
| key_is_consistent boolean | always | Whether the key is consistent. Can also return none next to yes and no, to indicate that consistency couldn't be checked.In case the check returns no, the module will fail. |
| private_data dictionary | success and when return_private_key_data is set to yes
| Private key data. Depends on key type. |
| public_data dictionary | success | Public key data. Depends on key type. |
| public_key string | success | Private key's public key in PEM format Sample: -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A... |
| public_key_fingerprints dictionary | success | Fingerprints of private key's public key. For every hash algorithm available, the fingerprint is computed. Sample: {'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1... |
| type string | success | The key's type. One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.Will start with unknown if the key type cannot be determined.Sample: RSA |
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/openssl_privatekey_info_module.html