<linkrel="next"title="community.crypto.openssh_cert module – Generate OpenSSH host or user certificates."href="openssh_cert_module.html"/>
<linkrel="prev"title="community.crypto.gpg_keypair module – Generate or delete GPG private and public keys"href="gpg_keypair_module.html"/><!-- extra head elements for Ansible beyond RTD Sphinx Theme -->
</head>
<bodyclass="wy-body-for-nav"><!-- extra body elements for Ansible beyond RTD Sphinx Theme -->
<liclass="toctree-l1"><aclass="reference internal"href="docsite/guide_selfsigned.html">How to create self-signed certificates</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="docsite/guide_ownca.html">How to create a small CA</a></li>
</ul>
<ulclass="current">
<liclass="toctree-l1"><aclass="reference internal"href="acme_account_module.html">community.crypto.acme_account module – Create, modify or delete ACME accounts</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_account_info_module.html">community.crypto.acme_account_info module – Retrieves information on ACME accounts</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_ari_info_module.html">community.crypto.acme_ari_info module – Retrieves ACME Renewal Information (ARI) for a certificate</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_module.html">community.crypto.acme_certificate module – Create SSL/TLS certificates with the ACME protocol</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_deactivate_authz_module.html">community.crypto.acme_certificate_deactivate_authz module – Deactivate all authz for an ACME v2 order</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_renewal_info_module.html">community.crypto.acme_certificate_renewal_info module – Determine whether a certificate should be renewed or not</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_revoke_module.html">community.crypto.acme_certificate_revoke module – Revoke certificates with the ACME protocol</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_challenge_cert_helper_module.html">community.crypto.acme_challenge_cert_helper module – Prepare certificates required for ACME challenges such as <codeclass="docutils literal notranslate"><spanclass="pre">tls-alpn-01</span></code></a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_inspect_module.html">community.crypto.acme_inspect module – Send direct requests to an ACME server</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="certificate_complete_chain_module.html">community.crypto.certificate_complete_chain module – Complete certificate chain given a set of untrusted and root certificates</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="ecs_certificate_module.html">community.crypto.ecs_certificate module – Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="ecs_domain_module.html">community.crypto.ecs_domain module – Request validation of a domain with the Entrust Certificate Services (ECS) API</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="get_certificate_module.html">community.crypto.get_certificate module – Get a certificate from a host:port</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="gpg_keypair_module.html">community.crypto.gpg_keypair module – Generate or delete GPG private and public keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssh_cert_module.html">community.crypto.openssh_cert module – Generate OpenSSH host or user certificates.</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssh_keypair_module.html">community.crypto.openssh_keypair module – Generate OpenSSH private and public keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_csr_info_module.html">community.crypto.openssl_csr_info module – Provide information of OpenSSL Certificate Signing Requests (CSR)</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_privatekey_info_module.html">community.crypto.openssl_privatekey_info module – Provide information for OpenSSL private keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_privatekey_pipe_module.html">community.crypto.openssl_privatekey_pipe module – Generate OpenSSL private keys without disk access</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_publickey_module.html">community.crypto.openssl_publickey module – Generate an OpenSSL public key from its private key.</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_publickey_info_module.html">community.crypto.openssl_publickey_info module – Provide information for OpenSSL public keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_signature_module.html">community.crypto.openssl_signature module – Sign data with openssl</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_signature_info_module.html">community.crypto.openssl_signature_info module – Verify signatures with openssl</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="x509_certificate_info_module.html">community.crypto.x509_certificate_info module – Provide information of OpenSSL X.509 certificates</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="x509_crl_info_module.html">community.crypto.x509_crl_info module – Retrieve information on Certificate Revocation Lists (CRLs)</a></li>
</ul>
<ul>
<liclass="toctree-l1"><aclass="reference internal"href="gpg_fingerprint_filter.html">community.crypto.gpg_fingerprint filter – Retrieve a GPG fingerprint from a GPG public or private key</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_csr_info_filter.html">community.crypto.openssl_csr_info filter – Retrieve information from OpenSSL Certificate Signing Requests (CSR)</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_privatekey_info_filter.html">community.crypto.openssl_privatekey_info filter – Retrieve information from OpenSSL private keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_publickey_info_filter.html">community.crypto.openssl_publickey_info filter – Retrieve information from OpenSSL public keys in PEM format</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="parse_serial_filter.html">community.crypto.parse_serial filter – Convert a serial number as a colon-separated list of hex numbers to an integer</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="to_serial_filter.html">community.crypto.to_serial filter – Convert an integer to a colon-separated list of hex numbers</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="x509_certificate_info_filter.html">community.crypto.x509_certificate_info filter – Retrieve information from X.509 certificates in PEM format</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="x509_crl_info_filter.html">community.crypto.x509_crl_info filter – Retrieve information from X.509 CRLs in PEM format</a></li>
</ul>
<ul>
<liclass="toctree-l1"><aclass="reference internal"href="gpg_fingerprint_lookup.html">community.crypto.gpg_fingerprint lookup – Retrieve a GPG fingerprint from a GPG public or private key file</a></li>
</ul>
<!-- extra nav elements for Ansible beyond RTD Sphinx Theme -->
<ahref="https://github.com/ansible-collections/community.crypto/edit/main/plugins/modules/luks_device.py?description=%23%23%23%23%23%20SUMMARY%0A%3C!—%20Your%20description%20here%20–%3E%0A%0A%0A%23%23%23%23%23%20ISSUE%20TYPE%0A-%20Docs%20Pull%20Request%0A%0A%2Blabel:%20docsite_pr"class="fa fa-github"> Edit on GitHub</a>
<h1>community.crypto.luks_device module – Manage encrypted (LUKS) devices<aclass="headerlink"href="#community-crypto-luks-device-module-manage-encrypted-luks-devices"title="Link to this heading"></a></h1>
<p>This module is part of the <aclass="reference external"href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.21.0).</p>
<p>It is not included in <codeclass="docutils literal notranslate"><spanclass="pre">ansible-core</span></code>.
To check whether it is installed, run <codeclass="code docutils literal notranslate"><spanclass="pre">ansible-galaxy</span><spanclass="pre">collection</span><spanclass="pre">list</span></code>.</p>
You need further requirements to be able to use this module,
see <aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-requirements"><spanclass="std std-ref">Requirements</span></a> for details.</p>
<p>To use it in a playbook, specify: <codeclass="code docutils literal notranslate"><spanclass="pre">community.crypto.luks_device</span></code>.</p>
<h2><aclass="toc-backref"href="#id1"role="doc-backlink">Synopsis</a><aclass="headerlink"href="#synopsis"title="Link to this heading"></a></h2>
<ulclass="simple">
<li><p>Module manages <aclass="reference external"href="https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup">LUKS</a> on given device. Supports creating, destroying, opening and closing of LUKS container and adding or removing new keys and passphrases.</p></li>
</ul>
</section>
<sectionid="requirements">
<spanid="ansible-collections-community-crypto-luks-device-module-requirements"></span><h2><aclass="toc-backref"href="#id2"role="doc-backlink">Requirements</a><aclass="headerlink"href="#requirements"title="Link to this heading"></a></h2>
<p>The below requirements are needed on the host that executes this module.</p>
<aclass="ansibleOptionLink"href="#parameter-allow_discards"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 2.17.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Allow discards (also known as TRIM) requests for device.</p>
<aclass="ansibleOptionLink"href="#parameter-cipher"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 1.1.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>This option allows the user to define the cipher specification string for the LUKS container.</p>
<p>Will only be used on container creation.</p>
<p>For pre-2.6.10 kernels, use <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">aes-plain</span></code> as they do not understand the new cipher spec strings. To use ESSIV, use <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">aes-cbc-essiv:sha256</span></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-device"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Device to work with (for example <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">/dev/sda1</span></code>). Needed in most cases. Can be omitted only when <codeclass="ansible-option-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-state"><spanclass="std std-ref"><spanclass="pre">state=closed</span></span></a></code> together with <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-name"><spanclass="std std-ref"><spanclass="pre">name</span></span></a></strong></code> is provided.</p>
<aclass="ansibleOptionLink"href="#parameter-force_remove_last_key"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>If set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code>, allows removing the last key from a container.</p>
<p>BEWARE that when the last key has been removed from a container, the container can no longer be opened!</p>
<aclass="ansibleOptionLink"href="#parameter-hash"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 1.1.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>This option allows the user to specify the hash function used in LUKS key setup scheme and volume key digest.</p>
<aclass="ansibleOptionLink"href="#parameter-keyfile"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">path</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Used to unlock the container. Either a <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><spanclass="std std-ref"><spanclass="pre">keyfile</span></span></a></strong></code> or a <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><spanclass="std std-ref"><spanclass="pre">passphrase</span></span></a></strong></code> is needed for most of the operations. Parameter value is the path to the keyfile with the passphrase.</p>
<p>BEWARE that working with keyfiles in plaintext is dangerous. Make sure that they are protected.</p>
<aclass="ansibleOptionLink"href="#parameter-keysize"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Sets the key size only if LUKS container does not exist.</p>
<aclass="ansibleOptionLink"href="#parameter-keyslot"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 2.16.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Adds the <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><spanclass="std std-ref"><spanclass="pre">keyfile</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><spanclass="std std-ref"><spanclass="pre">passphrase</span></span></a></strong></code> to a specific keyslot when creating a new container on <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><spanclass="std std-ref"><spanclass="pre">device</span></span></a></strong></code>. Parameter value is the number of the keyslot.</p>
<p><strong>Note</strong> that a device of <codeclass="ansible-option-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><spanclass="std std-ref"><spanclass="pre">type=luks1</span></span></a></code> supports the keyslot numbers <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">0</span></code>-<codeclass="ansible-value docutils literal notranslate"><spanclass="pre">7</span></code> and a device of <codeclass="ansible-option-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><spanclass="std std-ref"><spanclass="pre">type=luks2</span></span></a></code> supports the keyslot numbers <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">0</span></code>-<codeclass="ansible-value docutils literal notranslate"><spanclass="pre">31</span></code>. In order to use the keyslots <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">8</span></code>-<codeclass="ansible-value docutils literal notranslate"><spanclass="pre">31</span></code> when creating a new container, setting <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><spanclass="std std-ref"><spanclass="pre">type</span></span></a></strong></code> to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">luks2</span></code> is required.</p>
<aclass="ansibleOptionLink"href="#parameter-label"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>This option allow the user to create a LUKS2 format container with label support, respectively to identify the container by label on later usages.</p>
<p>Will only be used on container creation, or when <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><spanclass="std std-ref"><spanclass="pre">device</span></span></a></strong></code> is not specified.</p>
<p>This cannot be specified if <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><spanclass="std std-ref"><spanclass="pre">type</span></span></a></strong></code> is set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">luks1</span></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-name"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Sets container name when <codeclass="ansible-option-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-state"><spanclass="std std-ref"><spanclass="pre">state=opened</span></span></a></code>. Can be used instead of <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><spanclass="std std-ref"><spanclass="pre">device</span></span></a></strong></code> when closing the existing container (that is, when <codeclass="ansible-option-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-state"><spanclass="std std-ref"><spanclass="pre">state=closed</span></span></a></code>).</p>
<aclass="ansibleOptionLink"href="#parameter-new_keyfile"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">path</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Adds additional key to given container on <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><spanclass="std std-ref"><spanclass="pre">device</span></span></a></strong></code>. Needs <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><spanclass="std std-ref"><spanclass="pre">keyfile</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><spanclass="std std-ref"><spanclass="pre">passphrase</span></span></a></strong></code> option for authorization. LUKS container supports up to 8 keyslots. Parameter value is the path to the keyfile with the passphrase.</p>
<p>NOTE that adding additional keys is idempotent only since community.crypto 1.4.0. For older versions, a new keyslot will be used even if another keyslot already exists for this keyfile.</p>
<p>BEWARE that working with keyfiles in plaintext is dangerous. Make sure that they are protected.</p>
<aclass="ansibleOptionLink"href="#parameter-new_keyslot"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 2.16.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Adds the additional <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-new-keyfile"><spanclass="std std-ref"><spanclass="pre">new_keyfile</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-new-passphrase"><spanclass="std std-ref"><spanclass="pre">new_passphrase</span></span></a></strong></code> to a specific keyslot on the given <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><spanclass="std std-ref"><spanclass="pre">device</span></span></a></strong></code>. Parameter value is the number of the keyslot.</p>
<p><strong>Note</strong> that a device of <codeclass="ansible-option-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><spanclass="std std-ref"><spanclass="pre">type=luks1</span></span></a></code> supports the keyslot numbers <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">0</span></code>-<codeclass="ansible-value docutils literal notranslate"><spanclass="pre">7</span></code> and a device of <codeclass="ansible-option-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><spanclass="std std-ref"><spanclass="pre">type=luks2</span></span></a></code> supports the keyslot numbers <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">0</span></code>-<codeclass="ansible-value docutils literal notranslate"><spanclass="pre">31</span></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-new_passphrase"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Adds additional passphrase to given container on <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><spanclass="std std-ref"><spanclass="pre">device</span></span></a></strong></code>. Needs <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><spanclass="std std-ref"><spanclass="pre">keyfile</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><spanclass="std std-ref"><spanclass="pre">passphrase</span></span></a></strong></code> option for authorization. LUKS container supports up to 8 keyslots. Parameter value is a string with the new passphrase.</p>
<p>NOTE that adding additional passphrase is idempotent only since community.crypto 1.4.0. For older versions, a new keyslot will be used even if another keyslot already exists for this passphrase.</p>
<aclass="ansibleOptionLink"href="#parameter-passphrase"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Used to unlock the container. Either a <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><spanclass="std std-ref"><spanclass="pre">passphrase</span></span></a></strong></code> or a <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><spanclass="std std-ref"><spanclass="pre">keyfile</span></span></a></strong></code> is needed for most of the operations. Parameter value is a string with the passphrase.</p>
<aclass="ansibleOptionLink"href="#parameter-pbkdf"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">dictionary</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 1.4.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>This option allows the user to configure the Password-Based Key Derivation Function (PBKDF) used.</p>
<p>Will only be used on container creation, and when adding keys to an existing container.</p>
<aclass="ansibleOptionLink"href="#parameter-pbkdf/algorithm"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The algorithm to use.</p>
<aclass="ansibleOptionLink"href="#parameter-pbkdf/iteration_count"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Specify the iteration count used for the PBKDF.</p>
<p>Mutually exclusive with <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-pbkdf-iteration-time"><spanclass="std std-ref"><spanclass="pre">pbkdf.iteration_time</span></span></a></strong></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-pbkdf/iteration_time"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">float</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Specify the iteration time used for the PBKDF.</p>
<p>Note that this is in <strong>seconds</strong>, not in milliseconds as on the command line.</p>
<p>Mutually exclusive with <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-pbkdf-iteration-count"><spanclass="std std-ref"><spanclass="pre">pbkdf.iteration_count</span></span></a></strong></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-pbkdf/memory"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The memory cost limit in kilobytes for the PBKDF.</p>
<p>This is not used for PBKDF2, but only for the Argon PBKDFs.</p>
<aclass="ansibleOptionLink"href="#parameter-pbkdf/parallel"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The parallel cost for the PBKDF. This is the number of threads that run in parallel.</p>
<p>This is not used for PBKDF2, but only for the Argon PBKDFs.</p>
<aclass="ansibleOptionLink"href="#parameter-perf_no_read_workqueue"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 2.3.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Allows the user to bypass dm-crypt internal workqueue and process read requests synchronously.</p>
<aclass="ansibleOptionLink"href="#parameter-perf_no_write_workqueue"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 2.3.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Allows the user to bypass dm-crypt internal workqueue and process write requests synchronously.</p>
<aclass="ansibleOptionLink"href="#parameter-perf_same_cpu_crypt"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 2.3.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Allows the user to perform encryption using the same CPU that IO was submitted on.</p>
<p>The default is to use an unbound workqueue so that encryption work is automatically balanced between available CPUs.</p>
<aclass="ansibleOptionLink"href="#parameter-perf_submit_from_crypt_cpus"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 2.3.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Allows the user to disable offloading writes to a separate thread after encryption.</p>
<p>There are some situations where offloading block write IO operations from the encryption threads to a single thread degrades performance significantly.</p>
<p>The default is to offload block write IO operations to the same thread.</p>
<aclass="ansibleOptionLink"href="#parameter-persistent"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 2.3.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Allows the user to store options into container’s metadata persistently and automatically use them next time. Only <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-perf-same-cpu-crypt"><spanclass="std std-ref"><spanclass="pre">perf_same_cpu_crypt</span></span></a></strong></code>, <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-perf-submit-from-crypt-cpus"><spanclass="std std-ref"><spanclass="pre">perf_submit_from_crypt_cpus</span></span></a></strong></code>, <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-perf-no-read-workqueue"><spanclass="std std-ref"><spanclass="pre">perf_no_read_workqueue</span></span></a></strong></code>, <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-perf-no-write-workqueue"><spanclass="std std-ref"><spanclass="pre">perf_no_write_workqueue</span></span></a></strong></code>, and <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-allow-discards"><spanclass="std std-ref"><spanclass="pre">allow_discards</span></span></a></strong></code> can be stored persistently.</p>
<aclass="ansibleOptionLink"href="#parameter-remove_keyfile"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">path</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Removes given key from the container on <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><spanclass="std std-ref"><spanclass="pre">device</span></span></a></strong></code>. Does not remove the keyfile from filesystem. Parameter value is the path to the keyfile with the passphrase.</p>
<p>NOTE that removing keys is idempotent only since community.crypto 1.4.0. For older versions, trying to remove a key which no longer exists results in an error.</p>
<p>NOTE that to remove the last key from a LUKS container, the <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-force-remove-last-key"><spanclass="std std-ref"><spanclass="pre">force_remove_last_key</span></span></a></strong></code> option must be set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code>.</p>
<p>BEWARE that working with keyfiles in plaintext is dangerous. Make sure that they are protected.</p>
<aclass="ansibleOptionLink"href="#parameter-remove_keyslot"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 2.16.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Removes the key in the given slot on <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><spanclass="std std-ref"><spanclass="pre">device</span></span></a></strong></code>. Needs <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><spanclass="std std-ref"><spanclass="pre">keyfile</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><spanclass="std std-ref"><spanclass="pre">passphrase</span></span></a></strong></code> for authorization.</p>
<p><strong>Note</strong> that a device of <codeclass="ansible-option-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><spanclass="std std-ref"><spanclass="pre">type=luks1</span></span></a></code> supports the keyslot numbers <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">0</span></code>-<codeclass="ansible-value docutils literal notranslate"><spanclass="pre">7</span></code> and a device of <codeclass="ansible-option-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><spanclass="std std-ref"><spanclass="pre">type=luks2</span></span></a></code> supports the keyslot numbers <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">0</span></code>-<codeclass="ansible-value docutils literal notranslate"><spanclass="pre">31</span></code>.</p>
<p><strong>Note</strong> that the given <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><spanclass="std std-ref"><spanclass="pre">keyfile</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><spanclass="std std-ref"><spanclass="pre">passphrase</span></span></a></strong></code> must not be in the slot to be removed.</p>
<aclass="ansibleOptionLink"href="#parameter-remove_passphrase"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Removes given passphrase from the container on <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><spanclass="std std-ref"><spanclass="pre">device</span></span></a></strong></code>. Parameter value is a string with the passphrase to remove.</p>
<p>NOTE that removing passphrases is idempotent only since community.crypto 1.4.0. For older versions, trying to remove a passphrase which no longer exists results in an error.</p>
<p>NOTE that to remove the last keyslot from a LUKS container, the <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-force-remove-last-key"><spanclass="std std-ref"><spanclass="pre">force_remove_last_key</span></span></a></strong></code> option must be set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-sector_size"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 1.5.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>This option allows the user to specify the sector size (in bytes) used for LUKS2 containers.</p>
<aclass="ansibleOptionLink"href="#parameter-state"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Desired state of the LUKS container. Based on its value creates, destroys, opens or closes the LUKS container on a given device.</p>
<p><codeclass="ansible-value docutils literal notranslate"><spanclass="pre">present</span></code> will create LUKS container unless already present. Requires <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><spanclass="std std-ref"><spanclass="pre">device</span></span></a></strong></code> and either <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><spanclass="std std-ref"><spanclass="pre">keyfile</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><spanclass="std std-ref"><spanclass="pre">passphrase</span></span></a></strong></code> options to be provided.</p>
<p><codeclass="ansible-value docutils literal notranslate"><spanclass="pre">absent</span></code> will remove existing LUKS container if it exists. Requires <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><spanclass="std std-ref"><spanclass="pre">device</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-name"><spanclass="std std-ref"><spanclass="pre">name</span></span></a></strong></code> to be specified.</p>
<p><codeclass="ansible-value docutils literal notranslate"><spanclass="pre">opened</span></code> will unlock the LUKS container. If it does not exist it will be created first. Requires <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><spanclass="std std-ref"><spanclass="pre">device</span></span></a></strong></code> and either <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><spanclass="std std-ref"><spanclass="pre">keyfile</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><spanclass="std std-ref"><spanclass="pre">passphrase</span></span></a></strong></code> to be specified. Use the <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-name"><spanclass="std std-ref"><spanclass="pre">name</span></span></a></strong></code> option to set the name of the opened container. Otherwise the name will be generated automatically and returned as a part of the result.</p>
<p><codeclass="ansible-value docutils literal notranslate"><spanclass="pre">closed</span></code> will lock the LUKS container. However if the container does not exist it will be created. Requires <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><spanclass="std std-ref"><spanclass="pre">device</span></span></a></strong></code> and either <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><spanclass="std std-ref"><spanclass="pre">keyfile</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><spanclass="std std-ref"><spanclass="pre">passphrase</span></span></a></strong></code> options to be provided. If container does already exist <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><spanclass="std std-ref"><spanclass="pre">device</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-name"><spanclass="std std-ref"><spanclass="pre">name</span></span></a></strong></code> will suffice.</p>
<aclass="ansibleOptionLink"href="#parameter-type"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>This option allow the user explicit define the format of LUKS container that wants to work with. Options are <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">luks1</span></code> or <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">luks2</span></code></p>
<aclass="ansibleOptionLink"href="#parameter-uuid"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>With this option user can identify the LUKS container by UUID.</p>
<p>Will only be used when <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><spanclass="std std-ref"><spanclass="pre">device</span></span></a></strong></code> and <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-label"><spanclass="std std-ref"><spanclass="pre">label</span></span></a></strong></code> are not specified.</p>
</div></td>
</tr>
</tbody>
</table>
</section>
<sectionid="attributes">
<h2><aclass="toc-backref"href="#id4"role="doc-backlink">Attributes</a><aclass="headerlink"href="#attributes"title="Link to this heading"></a></h2>
<td><divclass="ansible-option-cell"><p>Can run in <codeclass="docutils literal notranslate"><spanclass="pre">check_mode</span></code> and return changed status prediction without modifying target.</p>
<td><divclass="ansible-option-cell"><p>Will return details on what has changed (or possibly needs changing in <codeclass="docutils literal notranslate"><spanclass="pre">check_mode</span></code>), when in diff mode.</p>
</div></td>
</tr>
</tbody>
</table>
</section>
<sectionid="examples">
<h2><aclass="toc-backref"href="#id5"role="doc-backlink">Examples</a><aclass="headerlink"href="#examples"title="Link to this heading"></a></h2>
<divclass="highlight-yaml+jinja notranslate"><divclass="highlight"><pre><span></span><spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Create LUKS container (remains unchanged if it already exists)</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Create LUKS container with a passphrase</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Create LUKS container with specific encryption</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">(Create and) open the LUKS container; name it "mycrypt"</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Create container if it does not exist and add new key to it</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Add new key to the LUKS container (container has to exist)</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Add new passphrase to the LUKS container</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Remove existing keyfile from the LUKS container</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Remove existing passphrase from the LUKS container</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Completely remove the LUKS container and its contents</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Create a container with label</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Open the LUKS container based on label without device; name it "mycrypt"</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Close container based on UUID</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Create a container using luks2 format</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Create a container with key in slot 4</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Add a new key in slot 5</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Remove the key from slot 4 (given keyfile must not be slot 4)</span>
<h2><aclass="toc-backref"href="#id6"role="doc-backlink">Return Values</a><aclass="headerlink"href="#return-values"title="Link to this heading"></a></h2>
<p>Common return values are documented <aclass="reference external"href="https://docs.ansible.com/ansible/devel/reference_appendices/common_return_values.html#common-return-values"title="(in Ansible vdevel)"><spanclass="xref std std-ref">here</span></a>, the following are the fields unique to this module:</p>
<aclass="ansibleOptionLink"href="#return-name"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>When <codeclass="ansible-option-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-luks-device-module-parameter-state"><spanclass="std std-ref"><spanclass="pre">state=opened</span></span></a></code> returns (generated or given) name of LUKS container. Returns None if no name is supplied.</p>
<ahref="gpg_keypair_module.html"class="btn btn-neutral float-left"title="community.crypto.gpg_keypair module – Generate or delete GPG private and public keys"accesskey="p"rel="prev"><spanclass="fa fa-arrow-circle-left"aria-hidden="true"></span> Previous</a>
<ahref="openssh_cert_module.html"class="btn btn-neutral float-right"title="community.crypto.openssh_cert module – Generate OpenSSH host or user certificates."accesskey="n"rel="next">Next <spanclass="fa fa-arrow-circle-right"aria-hidden="true"></span></a>
