community.crypto.gpg_keypair module – Generate or delete GPG private and public keys
Note
This module is part of the community.crypto collection (version 2.20.0).
It is not included in ansible-core.
To check whether it is installed, run `ansible-galaxy collection list`.
To install it, use: `ansible-galaxy collection install community.crypto`.
You need further requirements to be able to use this module, see Requirements for details.
To use it in a playbook, specify: `community.crypto.gpg_keypair`.
New in community.crypto 2.20.0
Synopsis
This module allows one to generate or delete GPG private and public keys using GnuPG (gpg).
Requirements
The below requirements are needed on the host that executes this module.
gpg >= 2.1
Parameters
Parameter | Comments |
---|---|
Specifies a comment for the key’s user id. |
|
Specifies an email for the key’s user id. |
|
Sets the expire date for the key. If left unspecified, any created GPG keys never expire. |
|
Specifies keys to match against. Default: |
|
If This parameter does not override This parameter is ignored if Choices:
|
|
For ECC keys, this specifies the curve used to generate the keys. If If This is required if Choices:
|
|
For non-ECC keys, this specifies the number of bits in the key to create. For RSA keys, the minimum is For DSA keys, the minimum is As per gpg’s behavior, values below the allowed ranges will be set to the respective defaults, and values above will saturate at the maximum. |
|
Specifies the type of key to create. Choices:
|
|
Specifies usage(s) for key.
If no usage is specified, all valid usages for the given key type are assigned.
Choices:
Default: |
|
Specifies a name for the key’s user id. |
|
Passphrase used to decrypt an existing private key or encrypt a newly generated private key. |
|
Whether the private and public keys should exist or not, taking action if the state is different from what is stated. Choices:
|
|
List of subkeys with their own respective key types, lengths, curves, and usages. Default: |
|
Similar to
This is required if subkey_type is Choices:
|
|
Similar to For ELG subkeys, the minimum length is |
|
Similar to Also supports ECDH and ELG keys. Choices:
|
|
Similar to
If subkey_type is Choices:
Default: |
Attributes
Attribute | Support | Description |
---|---|---|
check_mode | Support: full | Can run in check_mode and return changed status prediction without modifying target. |
diff_mode | Support: none | Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode. |
Notes
Note
If a user-id is provided, the module’s options are matched against all keys with said user-id.
If a fingerprint is provided but no user-id is provided, the module’s options are matched against the fingerprint(s).
If neither a fingerprint nor a user-id is provided, the module’s options are matched against all keys.
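The matching precedence described in these notes, as an added Python example (not the module's own code): it parses constructed `gpg --list-keys --with-colons` style output and returns the primary-key fingerprints the options would be compared against. The helper names, the exact-string user-id comparison and the `name (comment) <email>` user-id layout are assumptions.

```python
# Added example (not the module's implementation): matching precedence from the Notes.
FPR_A, FPR_SUB, FPR_C = "A" * 40, "B" * 40, "C" * 40  # constructed fingerprints

# Constructed sample in the shape of `gpg --list-keys --with-colons` output.
SAMPLE = "\n".join([
    f"pub:u:255:22:{FPR_A[-16:]}:1700000000:::u:::scESC:::::ed25519:::0:",
    f"fpr:::::::::{FPR_A}:",
    "uid:u::::1700000000::::name (comment) <name@email.com>::::::::::0:",
    f"sub:u:255:18:{FPR_SUB[-16:]}:1700000000::::::e:::::cv25519::",
    f"fpr:::::::::{FPR_SUB}:",
    f"pub:u:2048:1:{FPR_C[-16:]}:1700000000:::u:::scESC::::::23::0:",
    f"fpr:::::::::{FPR_C}:",
    "uid:u::::1700000000::::other <other@email.com>::::::::::0:",
])


def parse_primary_keys(colons):
    """Collect each primary key's fingerprint and user-ids (field 10 of fpr/uid records)."""
    keys, current, in_subkey = [], None, False
    for line in colons.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            current, in_subkey = {"fingerprint": None, "uids": []}, False
            keys.append(current)
        elif fields[0] == "sub":
            in_subkey = True  # the fpr record that follows belongs to the subkey
        elif current is not None and fields[0] == "fpr" and not in_subkey:
            current["fingerprint"] = fields[9]
        elif current is not None and fields[0] == "uid":
            current["uids"].append(fields[9])
    return keys


def build_user_id(name=None, comment=None, email=None):
    """Assumed GnuPG-style user-id: 'name (comment) <email>', omitting unset parts."""
    parts = [name, f"({comment})" if comment else None, f"<{email}>" if email else None]
    return " ".join(p for p in parts if p)


def candidate_fingerprints(keys, user_id="", fingerprints=()):
    """Primary-key fingerprints the options would be compared against."""
    if user_id:  # a user-id wins even when fingerprints are also given
        return [k["fingerprint"] for k in keys if user_id in k["uids"]]
    if fingerprints:
        wanted = {fp.upper() for fp in fingerprints}
        return [k["fingerprint"] for k in keys if k["fingerprint"] in wanted]
    return [k["fingerprint"] for k in keys]  # no selector: every key in the keyring
```

Because an empty selector compares against every key in the keyring, checking that a `state: absent` task carries an explicit `fingerprints` list is a reasonable review step.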
Examples
```yaml
- name: Generate the default GPG keypair
  community.crypto.gpg_keypair:

- name: Generate the default GPG keypair with a passphrase
  community.crypto.gpg_keypair:
    passphrase: '{{ passphrase }}'

- name: Generate an RSA GPG keypair with the default RSA size (2048 bits)
  community.crypto.gpg_keypair:
    key_type: RSA

- name: Generate an RSA GPG keypair with custom size (4096 bits)
  community.crypto.gpg_keypair:
    key_type: RSA
    key_length: 4096

- name: Generate an ECC GPG keypair
  community.crypto.gpg_keypair:
    key_type: EDDSA
    key_curve: ed25519

- name: Generate a GPG keypair with a subkey
  community.crypto.gpg_keypair:
    subkeys:
      - { subkey_type: ECDH, subkey_curve: cv25519 }

- name: Generate a GPG keypair with custom user-id
  community.crypto.gpg_keypair:
    name: name
    comment: comment
    email: name@email.com

- name: Delete a GPG keypair matching a specified fingerprint
  community.crypto.gpg_keypair:
    state: absent
    fingerprints:
      - ABC123...
```
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Description |
---|---|
Indicates if changes were made to GPG keyring. Returned: success Sample: |
|
Fingerprint(s) of matching, created, or deleted primary key(s). Returned: success Sample: |