a-c-m
/
community.crypto
mirror of https://github.com/ansible-collections/community.crypto.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

deploy: ddbcf49868

gh-pages
felixfontein 2024-12-28 16:09:17 +00:00
parent 448fad1fe0
commit eb959c32be
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
branch/main/acme_certificate_module.html
View File

@ -204,7 +204,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<ul class="simple"> <ul class="simple">
<li><p>Create and renew SSL/TLS certificates with a CA supporting the <a class="reference external" href="https://tools.ietf.org/html/rfc8555">ACME protocol</a>, such as <a class="reference external" href="https://letsencrypt.org/">Lets Encrypt</a> or <a class="reference external" href="https://www.buypass.com/">Buypass</a>. The current implementation supports the <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code> and <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> challenges.</p></li> <li><p>Create and renew SSL/TLS certificates with a CA supporting the <a class="reference external" href="https://tools.ietf.org/html/rfc8555">ACME protocol</a>, such as <a class="reference external" href="https://letsencrypt.org/">Lets Encrypt</a> or <a class="reference external" href="https://www.buypass.com/">Buypass</a>. The current implementation supports the <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code> and <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> challenges.</p></li>
<li><p>To use this module, it has to be executed twice. Either as two different tasks in the same run or during two runs. Note that the output of the first run needs to be recorded and passed to the second run as the module argument <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-data"><span class="std std-ref"><span class="pre">data</span></span></a></strong></code>.</p></li> <li><p>To use this module, it has to be executed twice. Either as two different tasks in the same run or during two runs. Note that the output of the first run needs to be recorded and passed to the second run as the module argument <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-data"><span class="std std-ref"><span class="pre">data</span></span></a></strong></code>.</p></li>
<li><p>Between these two tasks you have to fulfill the required steps for the chosen challenge by whatever means necessary. For <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code> that means creating the necessary challenge file on the destination webserver. For <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code> the necessary dns record has to be created. For <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> the necessary certificate has to be created and served. It is <em>not</em> the responsibility of this module to perform these steps.</p></li> <li><p>Between these two tasks you have to fulfill the required steps for the chosen challenge by whatever means necessary. For <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code> that means creating the necessary challenge file on the destination webserver. For <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code> the necessary DNS record has to be created. For <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> the necessary certificate has to be created and served. It is <em>not</em> the responsibility of this module to perform these steps.</p></li>
<li><p>For details on how to fulfill these challenges, you might have to read through <a class="reference external" href="https://tools.ietf.org/html/rfc8555#section-8">the main ACME specification</a> and the <a class="reference external" href="https://www.rfc-editor.org/rfc/rfc8737.html#section-3">TLS-ALPN-01 specification</a>. Also, consider the examples provided for this module.</p></li> <li><p>For details on how to fulfill these challenges, you might have to read through <a class="reference external" href="https://tools.ietf.org/html/rfc8555#section-8">the main ACME specification</a> and the <a class="reference external" href="https://www.rfc-editor.org/rfc/rfc8737.html#section-3">TLS-ALPN-01 specification</a>. Also, consider the examples provided for this module.</p></li>
<li><p>The module includes experimental support for IP identifiers according to the <a class="reference external" href="https://www.rfc-editor.org/rfc/rfc8738.html">RFC 8738</a>.</p></li> <li><p>The module includes experimental support for IP identifiers according to the <a class="reference external" href="https://www.rfc-editor.org/rfc/rfc8738.html">RFC 8738</a>.</p></li>
</ul> </ul>

4
branch/main/openssl_privatekey_module.html
View File

@ -202,7 +202,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
<ul class="simple"> <ul class="simple">
<li><p>Keys are generated in PEM format.</p></li> <li><p>Keys are generated in PEM format.</p></li>
<li><p>One can generate <a class="reference external" href="https://en.wikipedia.org/wiki/RSA_%2528cryptosystem%2529">RSA</a>, <a class="reference external" href="https://en.wikipedia.org/wiki/Digital_Signature_Algorithm">DSA</a>, <a class="reference external" href="https://en.wikipedia.org/wiki/Elliptic-curve_cryptography">ECC</a> or <a class="reference external" href="https://en.wikipedia.org/wiki/EdDSA">EdDSA</a> private keys.</p></li> <li><p>One can generate <a class="reference external" href="https://en.wikipedia.org/wiki/RSA_%2528cryptosystem%2529">RSA</a>, <a class="reference external" href="https://en.wikipedia.org/wiki/Digital_Signature_Algorithm">DSA</a>, <a class="reference external" href="https://en.wikipedia.org/wiki/Elliptic-curve_cryptography">ECC</a> or <a class="reference external" href="https://en.wikipedia.org/wiki/EdDSA">EdDSA</a> private keys.</p></li>
<li><p>Please note that the module regenerates private keys if they do not match the modules options. In particular, if you provide another passphrase (or specify none), change the keysize, etc., the private key will be regenerated. If you are concerned that this could <strong>overwrite your private key</strong>, consider using the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-openssl-privatekey-module-parameter-backup"><span class="std std-ref"><span class="pre">backup</span></span></a></strong></code> option.</p></li> <li><p>Please note that the module regenerates private keys if they do not match the modules options. In particular, if you provide another passphrase (or specify none), change the keysize, and so on, the private key will be regenerated. If you are concerned that this could <strong>overwrite your private key</strong>, consider using the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-openssl-privatekey-module-parameter-backup"><span class="std std-ref"><span class="pre">backup</span></span></a></strong></code> option.</p></li>
<li><p>The default mode for the private key file will be <code class="ansible-value docutils literal notranslate"><span class="pre">0600</span></code> if <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-openssl-privatekey-module-parameter-mode"><span class="std std-ref"><span class="pre">mode</span></span></a></strong></code> is not explicitly set.</p></li> <li><p>The default mode for the private key file will be <code class="ansible-value docutils literal notranslate"><span class="pre">0600</span></code> if <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-openssl-privatekey-module-parameter-mode"><span class="std std-ref"><span class="pre">mode</span></span></a></strong></code> is not explicitly set.</p></li>
<li><p>This module allows one to (re)generate OpenSSL private keys.</p></li> <li><p>This module allows one to (re)generate OpenSSL private keys.</p></li>
</ul> </ul>
@ -407,7 +407,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
<p><em class="ansible-option-versionadded">added in community.crypto 1.0.0</em></p> <p><em class="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
</div></td> </div></td>
<td><div class="ansible-option-cell"><p>If set to <code class="ansible-value docutils literal notranslate"><span class="pre">true</span></code>, will return the (current or generated) private keys content as <code class="ansible-return-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-openssl-privatekey-module-return-privatekey"><span class="std std-ref"><span class="pre">privatekey</span></span></a></code>.</p> <td><div class="ansible-option-cell"><p>If set to <code class="ansible-value docutils literal notranslate"><span class="pre">true</span></code>, will return the (current or generated) private keys content as <code class="ansible-return-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-openssl-privatekey-module-return-privatekey"><span class="std std-ref"><span class="pre">privatekey</span></span></a></code>.</p>
<p>Note that especially if the private key is not encrypted, you have to make sure that the returned value is treated appropriately and not accidentally written to logs etc.! Use with care!</p> <p>Note that especially if the private key is not encrypted, you have to make sure that the returned value is treated appropriately and not accidentally written to logs, and so on! Use with care!</p>
<p>Use Ansibles <code class="docutils literal notranslate"><span class="pre">no_log</span></code> task option to avoid the output being shown. See also <a class="reference external" href="https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-keep-secret-data-in-my-playbook">https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-keep-secret-data-in-my-playbook</a>.</p> <p>Use Ansibles <code class="docutils literal notranslate"><span class="pre">no_log</span></code> task option to avoid the output being shown. See also <a class="reference external" href="https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-keep-secret-data-in-my-playbook">https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-keep-secret-data-in-my-playbook</a>.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p> <p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple"> <ul class="simple">