<title>community.crypto.openssl_publickey module – Generate an OpenSSL public key from its private key — Community.Crypto Collection documentation</title>
<linkrel="next"title="community.crypto.openssl_publickey_info module – Provide information for OpenSSL public keys"href="openssl_publickey_info_module.html"/>
<linkrel="prev"title="community.crypto.openssl_privatekey_pipe module – Generate OpenSSL private keys without disk access"href="openssl_privatekey_pipe_module.html"/><!-- extra head elements for Ansible beyond RTD Sphinx Theme -->
</head>
<bodyclass="wy-body-for-nav"><!-- extra body elements for Ansible beyond RTD Sphinx Theme -->
<liclass="toctree-l1"><aclass="reference internal"href="docsite/guide_selfsigned.html">How to create self-signed certificates</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="docsite/guide_ownca.html">How to create a small CA</a></li>
</ul>
<ulclass="current">
<liclass="toctree-l1"><aclass="reference internal"href="acme_account_module.html">community.crypto.acme_account module – Create, modify or delete ACME accounts</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_account_info_module.html">community.crypto.acme_account_info module – Retrieves information on ACME accounts</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_ari_info_module.html">community.crypto.acme_ari_info module – Retrieves ACME Renewal Information (ARI) for a certificate</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_deactivate_authz_module.html">community.crypto.acme_certificate_deactivate_authz module – Deactivate all authz for an ACME v2 order</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_order_create_module.html">community.crypto.acme_certificate_order_create module – Create an ACME v2 order</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_order_finalize_module.html">community.crypto.acme_certificate_order_finalize module – Finalize an ACME v2 order</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_order_info_module.html">community.crypto.acme_certificate_order_info module – Obtain information for an ACME v2 order</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_order_validate_module.html">community.crypto.acme_certificate_order_validate module – Validate authorizations of an ACME v2 order</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_renewal_info_module.html">community.crypto.acme_certificate_renewal_info module – Determine whether a certificate should be renewed or not</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_revoke_module.html">community.crypto.acme_certificate_revoke module – Revoke certificates with the ACME protocol</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_challenge_cert_helper_module.html">community.crypto.acme_challenge_cert_helper module – Prepare certificates required for ACME challenges such as <codeclass="docutils literal notranslate"><spanclass="pre">tls-alpn-01</span></code></a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_inspect_module.html">community.crypto.acme_inspect module – Send direct requests to an ACME server</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="certificate_complete_chain_module.html">community.crypto.certificate_complete_chain module – Complete certificate chain given a set of untrusted and root certificates</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="ecs_certificate_module.html">community.crypto.ecs_certificate module – Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="ecs_domain_module.html">community.crypto.ecs_domain module – Request validation of a domain with the Entrust Certificate Services (ECS) API</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="get_certificate_module.html">community.crypto.get_certificate module – Get a certificate from a host:port</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssh_cert_module.html">community.crypto.openssh_cert module – Generate OpenSSH host or user certificates</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssh_keypair_module.html">community.crypto.openssh_keypair module – Generate OpenSSH private and public keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_csr_info_module.html">community.crypto.openssl_csr_info module – Provide information of OpenSSL Certificate Signing Requests (CSR)</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_privatekey_info_module.html">community.crypto.openssl_privatekey_info module – Provide information for OpenSSL private keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_privatekey_pipe_module.html">community.crypto.openssl_privatekey_pipe module – Generate OpenSSL private keys without disk access</a></li>
<liclass="toctree-l1 current"><aclass="current reference internal"href="#">community.crypto.openssl_publickey module – Generate an OpenSSL public key from its private key</a><ul>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_publickey_info_module.html">community.crypto.openssl_publickey_info module – Provide information for OpenSSL public keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_signature_module.html">community.crypto.openssl_signature module – Sign data with openssl</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_signature_info_module.html">community.crypto.openssl_signature_info module – Verify signatures with openssl</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="x509_certificate_info_module.html">community.crypto.x509_certificate_info module – Provide information of OpenSSL X.509 certificates</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="gpg_fingerprint_filter.html">community.crypto.gpg_fingerprint filter – Retrieve a GPG fingerprint from a GPG public or private key</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_privatekey_info_filter.html">community.crypto.openssl_privatekey_info filter – Retrieve information from OpenSSL private keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_publickey_info_filter.html">community.crypto.openssl_publickey_info filter – Retrieve information from OpenSSL public keys in PEM format</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="parse_serial_filter.html">community.crypto.parse_serial filter – Convert a serial number as a colon-separated list of hex numbers to an integer</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="to_serial_filter.html">community.crypto.to_serial filter – Convert an integer to a colon-separated list of hex numbers</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="x509_certificate_info_filter.html">community.crypto.x509_certificate_info filter – Retrieve information from X.509 certificates in PEM format</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="x509_crl_info_filter.html">community.crypto.x509_crl_info filter – Retrieve information from X.509 CRLs in PEM format</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="gpg_fingerprint_lookup.html">community.crypto.gpg_fingerprint lookup – Retrieve a GPG fingerprint from a GPG public or private key file</a></li>
<ahref="https://github.com/ansible-collections/community.crypto/edit/main/plugins/modules/openssl_publickey.py?description=%23%23%23%23%23%20SUMMARY%0A%3C!—%20Your%20description%20here%20–%3E%0A%0A%0A%23%23%23%23%23%20ISSUE%20TYPE%0A-%20Docs%20Pull%20Request%0A%0A%2Blabel:%20docsite_pr"class="fa fa-github"> Edit on GitHub</a>
<h1>community.crypto.openssl_publickey module – Generate an OpenSSL public key from its private key<aclass="headerlink"href="#community-crypto-openssl-publickey-module-generate-an-openssl-public-key-from-its-private-key"title="Link to this heading"></a></h1>
<p>This module is part of the <aclass="reference external"href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.24.0).</p>
<p>It is not included in <codeclass="docutils literal notranslate"><spanclass="pre">ansible-core</span></code>.
To check whether it is installed, run <codeclass="code docutils literal notranslate"><spanclass="pre">ansible-galaxy</span><spanclass="pre">collection</span><spanclass="pre">list</span></code>.</p>
You need further requirements to be able to use this module,
see <aclass="reference internal"href="#ansible-collections-community-crypto-openssl-publickey-module-requirements"><spanclass="std std-ref">Requirements</span></a> for details.</p>
<p>To use it in a playbook, specify: <codeclass="code docutils literal notranslate"><spanclass="pre">community.crypto.openssl_publickey</span></code>.</p>
<li><p>Public keys are generated in PEM or OpenSSH format. Private keys must be OpenSSL PEM keys. <strong>OpenSSH private keys are not supported</strong>, use the <aclass="reference internal"href="openssh_keypair_module.html#ansible-collections-community-crypto-openssh-keypair-module"><spanclass="std std-ref">community.crypto.openssh_keypair</span></a> module to manage these.</p></li>
<spanid="ansible-collections-community-crypto-openssl-publickey-module-requirements"></span><h2><aclass="toc-backref"href="#id2"role="doc-backlink">Requirements</a><aclass="headerlink"href="#requirements"title="Link to this heading"></a></h2>
<aclass="ansibleOptionLink"href="#parameter-attributes"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-aliases">aliases: attr</span></p>
<p>To get supported flags look at the man page for <codeclass="docutils literal notranslate"><spanclass="pre">chattr</span></code> on the target system.</p>
<p>This string should contain the attributes in the same order as the one displayed by <codeclass="docutils literal notranslate"><spanclass="pre">lsattr</span></code>.</p>
<p>The <codeclass="docutils literal notranslate"><spanclass="pre">=</span></code> operator is assumed as default, otherwise <codeclass="docutils literal notranslate"><spanclass="pre">+</span></code> or <codeclass="docutils literal notranslate"><spanclass="pre">-</span></code> operators need to be included in the string.</p>
<aclass="ansibleOptionLink"href="#parameter-backup"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Create a backup file including a timestamp so you can get the original public key back if you overwrote it with a different one by accident.</p>
<aclass="ansibleOptionLink"href="#parameter-force"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Should the key be regenerated even it it already exists.</p>
<aclass="ansibleOptionLink"href="#parameter-format"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The format of the public key.</p>
<aclass="ansibleOptionLink"href="#parameter-group"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<td><divclass="ansible-option-cell"><p>Name of the group that should own the filesystem object, as would be fed to <codeclass="docutils literal notranslate"><spanclass="pre">chown</span></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-mode"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">any</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The permissions the resulting filesystem object should have.</p>
<p>For those used to <codeclass="docutils literal notranslate"><spanclass="pre">/usr/bin/chmod</span></code> remember that modes are actually octal numbers. You must give Ansible enough information to parse them correctly. For consistent results, quote octal numbers (for example, <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">'644'</span></code> or <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">'1777'</span></code>) so Ansible receives a string and can do its own conversion from string into number. Adding a leading zero (for example, <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">0755</span></code>) works sometimes, but can fail in loops and some other circumstances.</p>
<p>As of Ansible 1.8, the mode may be specified as a symbolic mode (for example, <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">u+rwx</span></code> or <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">u=rw,g=r,o=r</span></code>).</p>
<p>If <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-openssl-publickey-module-parameter-mode"><spanclass="std std-ref"><spanclass="pre">mode</span></span></a></strong></code> is not specified and the destination filesystem object <strong>does not</strong> exist, the default <codeclass="docutils literal notranslate"><spanclass="pre">umask</span></code> on the system will be used when setting the mode for the newly created filesystem object.</p>
<p>If <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-openssl-publickey-module-parameter-mode"><spanclass="std std-ref"><spanclass="pre">mode</span></span></a></strong></code> is not specified and the destination filesystem object <strong>does</strong> exist, the mode of the existing filesystem object will be used.</p>
<p>Specifying <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-openssl-publickey-module-parameter-mode"><spanclass="std std-ref"><spanclass="pre">mode</span></span></a></strong></code> is the best way to ensure filesystem objects are created with the correct permissions. See CVE-2020-1736 for further details.</p>
<aclass="ansibleOptionLink"href="#parameter-owner"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<td><divclass="ansible-option-cell"><p>Name of the user that should own the filesystem object, as would be fed to <codeclass="docutils literal notranslate"><spanclass="pre">chown</span></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-path"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">path</span> / <spanclass="ansible-option-required">required</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Name of the file in which the generated TLS/SSL public key will be written.</p>
<aclass="ansibleOptionLink"href="#parameter-privatekey_content"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<p>Either <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-openssl-publickey-module-parameter-privatekey-path"><spanclass="std std-ref"><spanclass="pre">privatekey_path</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-openssl-publickey-module-parameter-privatekey-content"><spanclass="std std-ref"><spanclass="pre">privatekey_content</span></span></a></strong></code> must be specified, but not both. If <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-openssl-publickey-module-parameter-state"><spanclass="std std-ref"><spanclass="pre">state</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">present</span></code>, one of them is required.</p>
<aclass="ansibleOptionLink"href="#parameter-privatekey_passphrase"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The passphrase for the private key.</p>
<aclass="ansibleOptionLink"href="#parameter-privatekey_path"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">path</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Path to the TLS/SSL private key from which to generate the public key.</p>
<p>Either <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-openssl-publickey-module-parameter-privatekey-path"><spanclass="std std-ref"><spanclass="pre">privatekey_path</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-openssl-publickey-module-parameter-privatekey-content"><spanclass="std std-ref"><spanclass="pre">privatekey_content</span></span></a></strong></code> must be specified, but not both. If <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-openssl-publickey-module-parameter-state"><spanclass="std std-ref"><spanclass="pre">state</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">present</span></code>, one of them is required.</p>
<aclass="ansibleOptionLink"href="#parameter-return_content"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
<td><divclass="ansible-option-cell"><p>If set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code>, will return the (current or generated) public key’s content as <codeclass="ansible-return-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-openssl-publickey-module-return-publickey"><spanclass="std std-ref"><spanclass="pre">publickey</span></span></a></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-select_crypto_backend"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Determines which crypto backend to use.</p>
<p>The default choice is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">auto</span></code>, which tries to use <codeclass="docutils literal notranslate"><spanclass="pre">cryptography</span></code> if available.</p>
<p>If set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">cryptography</span></code>, will try to use the <aclass="reference external"href="https://cryptography.io/">cryptography</a> library.</p>
<aclass="ansibleOptionLink"href="#parameter-selevel"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The level part of the SELinux filesystem object context.</p>
<p>This is the MLS/MCS attribute, sometimes known as the <codeclass="docutils literal notranslate"><spanclass="pre">range</span></code>.</p>
<p>When set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">_default</span></code>, it will use the <codeclass="docutils literal notranslate"><spanclass="pre">level</span></code> portion of the policy if available.</p>
<aclass="ansibleOptionLink"href="#parameter-serole"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The role part of the SELinux filesystem object context.</p>
<p>When set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">_default</span></code>, it will use the <codeclass="docutils literal notranslate"><spanclass="pre">role</span></code> portion of the policy if available.</p>
<aclass="ansibleOptionLink"href="#parameter-setype"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The type part of the SELinux filesystem object context.</p>
<p>When set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">_default</span></code>, it will use the <codeclass="docutils literal notranslate"><spanclass="pre">type</span></code> portion of the policy if available.</p>
<aclass="ansibleOptionLink"href="#parameter-seuser"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The user part of the SELinux filesystem object context.</p>
<p>By default it uses the <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">system</span></code> policy, where applicable.</p>
<p>When set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">_default</span></code>, it will use the <codeclass="docutils literal notranslate"><spanclass="pre">user</span></code> portion of the policy if available.</p>
<aclass="ansibleOptionLink"href="#parameter-state"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Whether the public key should exist or not, taking action if the state is different from what is stated.</p>
<aclass="ansibleOptionLink"href="#parameter-unsafe_writes"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Influence when to use atomic operation to prevent data corruption or inconsistent reads from the target filesystem object.</p>
<p>By default this module uses atomic operations to prevent data corruption or inconsistent reads from the target filesystem objects, but sometimes systems are configured or just broken in ways that prevent this. One example is docker mounted filesystem objects, which cannot be updated atomically from inside the container and can only be written in an unsafe manner.</p>
<p>This option allows Ansible to fall back to unsafe methods of updating filesystem objects when atomic operations fail (however, it doesn’t force Ansible to perform unsafe writes).</p>
<p>IMPORTANT! Unsafe writes are subject to race conditions and can lead to data corruption.</p>
<td><divclass="ansible-option-cell"><p>Can run in <codeclass="docutils literal notranslate"><spanclass="pre">check_mode</span></code> and return changed status prediction without modifying target.</p>
<td><divclass="ansible-option-cell"><p>Will return details on what has changed (or possibly needs changing in <codeclass="docutils literal notranslate"><spanclass="pre">check_mode</span></code>), when in diff mode.</p>
<p>The module is not idempotent if <codeclass="ansible-option-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-openssl-publickey-module-parameter-force"><spanclass="std std-ref"><spanclass="pre">force=true</span></span></a></code>.</p>
</div></td>
<td><divclass="ansible-option-cell"><p>When run twice in a row outside check mode, with the same arguments, the second invocation indicates no change.</p>
<p>This assumes that the system controlled/queried by the module has not changed in a relevant way.</p>
<dt><aclass="reference internal"href="openssl_privatekey_pipe_module.html#ansible-collections-community-crypto-openssl-privatekey-pipe-module"><spanclass="std std-ref">community.crypto.openssl_privatekey_pipe</span></a></dt><dd><p>Generate OpenSSL private keys without disk access.</p>
<divclass="highlight-yaml+jinja notranslate"><divclass="highlight"><pre><span></span><spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Generate an OpenSSL public key in PEM format</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Generate an OpenSSL public key in PEM format from an inline key</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Generate an OpenSSL public key in OpenSSH v2 format</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Generate an OpenSSL public key with a passphrase protected private key</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Force regenerate an OpenSSL public key if it already exists</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Remove an OpenSSL public key</span>
<h2><aclass="toc-backref"href="#id7"role="doc-backlink">Return Values</a><aclass="headerlink"href="#return-values"title="Link to this heading"></a></h2>
<p>Common return values are documented <aclass="reference external"href="https://docs.ansible.com/ansible/devel/reference_appendices/common_return_values.html#common-return-values"title="(in Ansible vdevel)"><spanclass="xref std std-ref">here</span></a>, the following are the fields unique to this module:</p>
<aclass="ansibleOptionLink"href="#return-backup_file"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Name of backup file created.</p>
<pclass="ansible-option-line"><strongclass="ansible-option-returned-bold">Returned:</strong> changed and if <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-openssl-publickey-module-parameter-backup"><spanclass="std std-ref"><spanclass="pre">backup</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code></p>
<aclass="ansibleOptionLink"href="#return-filename"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Path to the generated TLS/SSL public key file.</p>
<aclass="ansibleOptionLink"href="#return-fingerprint"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">dictionary</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The fingerprint of the public key. Fingerprint will be generated for each hashlib.algorithms available.</p>
<aclass="ansibleOptionLink"href="#return-format"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The format of the public key (PEM, OpenSSH, …).</p>
<aclass="ansibleOptionLink"href="#return-privatekey"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Path to the TLS/SSL private key the public key was generated from.</p>
<p>Will be <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">none</span></code> if the private key has been provided in <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-openssl-publickey-module-parameter-privatekey-content"><spanclass="std std-ref"><spanclass="pre">privatekey_content</span></span></a></strong></code>.</p>
<aclass="ansibleOptionLink"href="#return-publickey"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<li><span><aaria-role="button"class="ansible-link reference external"href="https://forum.ansible.com/tags/c/help/6/none/crypto"rel="noopener external"target="_blank">Ask for help (crypto)</a></span></li>
<li><span><aaria-role="button"class="ansible-link reference external"href="https://forum.ansible.com/tags/c/help/6/none/acme"rel="noopener external"target="_blank">Ask for help (ACME)</a></span></li>
<ahref="openssl_privatekey_pipe_module.html"class="btn btn-neutral float-left"title="community.crypto.openssl_privatekey_pipe module – Generate OpenSSL private keys without disk access"accesskey="p"rel="prev"><spanclass="fa fa-arrow-circle-left"aria-hidden="true"></span> Previous</a>
<ahref="openssl_publickey_info_module.html"class="btn btn-neutral float-right"title="community.crypto.openssl_publickey_info module – Provide information for OpenSSL public keys"accesskey="n"rel="next">Next <spanclass="fa fa-arrow-circle-right"aria-hidden="true"></span></a>
