internet/community.crypto
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.crypto.git synced 2026-05-08 14:22:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

deploy: ccb4ecfbd8

Browse Source
This commit is contained in:
felixfontein
2025-01-02 14:22:25 +00:00
parent ef0878833c
commit a42329ff4d
96 changed files with 2856 additions and 1976 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
pr/757/openssl_privatekey_pipe_module.html
View File

@@ -1,8 +1,10 @@
<!DOCTYPE html>
<html class="writer-html5" lang="en" data-content_root="./">
<head>
<meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
<meta content="2.11.0" name="antsibull-docs" />
<meta content="2.16.2" name="antsibull-docs" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>community.crypto.openssl_privatekey_pipe module Generate OpenSSL private keys without disk access &mdash; Community.Crypto Collection documentation</title>
@@ -13,18 +15,14 @@
<link rel="shortcut icon" href="_static/images/Ansible-Mark-RGB_Black.png"/>
<!--[if lt IE 9]>
<script src="_static/js/html5shiv.min.js"></script>
<![endif]-->
<script src="_static/jquery.js?v=5d32c60e"></script>
<script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
<script src="_static/documentation_options.js?v=7f41d439"></script>
<script src="_static/doctools.js?v=9a2dae69"></script>
<script src="_static/sphinx_highlight.js?v=dc90522c"></script>
<script src="_static/jquery.js?v=5d32c60e"></script>
<script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
<script src="_static/documentation_options.js?v=7f41d439"></script>
<script src="_static/doctools.js?v=9bcbadda"></script>
<script src="_static/sphinx_highlight.js?v=dc90522c"></script>
<script src="_static/js/theme.js"></script>
<link rel="search" title="Search" href="search.html" />
<link rel="next" title="community.crypto.openssl_publickey module Generate an OpenSSL public key from its private key." href="openssl_publickey_module.html" />
<link rel="next" title="community.crypto.openssl_publickey module Generate an OpenSSL public key from its private key" href="openssl_publickey_module.html" />
<link rel="prev" title="community.crypto.openssl_privatekey_info module Provide information for OpenSSL private keys" href="openssl_privatekey_info_module.html" /><!-- extra head elements for Ansible beyond RTD Sphinx Theme -->
@@ -102,7 +100,7 @@
<li class="toctree-l1"><a class="reference internal" href="ecs_domain_module.html">community.crypto.ecs_domain module Request validation of a domain with the Entrust Certificate Services (ECS) API</a></li>
<li class="toctree-l1"><a class="reference internal" href="get_certificate_module.html">community.crypto.get_certificate module Get a certificate from a host:port</a></li>
<li class="toctree-l1"><a class="reference internal" href="luks_device_module.html">community.crypto.luks_device module Manage encrypted (LUKS) devices</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssh_cert_module.html">community.crypto.openssh_cert module Generate OpenSSH host or user certificates.</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssh_cert_module.html">community.crypto.openssh_cert module Generate OpenSSH host or user certificates</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssh_keypair_module.html">community.crypto.openssh_keypair module Generate OpenSSH private and public keys</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_csr_module.html">community.crypto.openssl_csr module Generate OpenSSL Certificate Signing Request (CSR)</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_csr_info_module.html">community.crypto.openssl_csr_info module Provide information of OpenSSL Certificate Signing Requests (CSR)</a></li>
@@ -126,7 +124,7 @@
</li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="openssl_publickey_module.html">community.crypto.openssl_publickey module Generate an OpenSSL public key from its private key.</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_publickey_module.html">community.crypto.openssl_publickey module Generate an OpenSSL public key from its private key</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_publickey_info_module.html">community.crypto.openssl_publickey_info module Provide information for OpenSSL public keys</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_signature_module.html">community.crypto.openssl_signature module Sign data with openssl</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_signature_info_module.html">community.crypto.openssl_signature_info module Verify signatures with openssl</a></li>
@@ -184,7 +182,7 @@
<h1>community.crypto.openssl_privatekey_pipe module Generate OpenSSL private keys without disk access<a class="headerlink" href="#community-crypto-openssl-privatekey-pipe-module-generate-openssl-private-keys-without-disk-access" title="Link to this heading"></a></h1>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>This module is part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.21.0).</p>
<p>This module is part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.24.0).</p>
<p>It is not included in <code class="docutils literal notranslate"><span class="pre">ansible-core</span></code>.
To check whether it is installed, run <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">list</span></code>.</p>
<p>To install it, use: <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">install</span> <span class="pre">community.crypto</span></code>.
@@ -239,7 +237,9 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
<div class="ansibleOptionAnchor" id="parameter-cipher"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-openssl-privatekey-pipe-module-parameter-cipher"><strong>cipher</strong></p>
<a class="ansibleOptionLink" href="#parameter-cipher" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>The cipher to encrypt the private key. Must be <code class="ansible-value docutils literal notranslate"><span class="pre">auto</span></code>.</p>
<td><div class="ansible-option-cell"><p>The cipher to encrypt the private key. This is only used when <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-openssl-privatekey-pipe-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code> is provided.</p>
<p>Must be <code class="ansible-value docutils literal notranslate"><span class="pre">auto</span></code>.</p>
<p class="ansible-option-line"><strong class="ansible-option-default-bold">Default:</strong> <code class="ansible-option-default docutils literal notranslate"><span class="pre">&quot;auto&quot;</span></code></p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
@@ -456,6 +456,16 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
<td><div class="ansible-option-cell"><p>Will return details on what has changed (or possibly needs changing in <code class="docutils literal notranslate"><span class="pre">check_mode</span></code>), when in diff mode.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="attribute-idempotent"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-openssl-privatekey-pipe-module-attribute-idempotent"><strong>idempotent</strong></p>
<a class="ansibleOptionLink" href="#attribute-idempotent" title="Permalink to this attribute"></a></div></td>
<td><div class="ansible-option-cell"><p><strong class="ansible-attribute-support-label">Support: </strong><strong class="ansible-attribute-support-partial">partial</strong></p>
<p>The option <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-openssl-privatekey-pipe-module-parameter-regenerate"><span class="std std-ref"><span class="pre">regenerate=always</span></span></a></code> generally disables idempotency.</p>
</div></td>
<td><div class="ansible-option-cell"><p>When run twice in a row outside check mode, with the same arguments, the second invocation indicates no change.</p>
<p>This assumes that the system controlled/queried by the module has not changed in a relevant way.</p>
</div></td>
</tr>
</tbody>
</table>
</section>
@@ -490,21 +500,25 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL private key with the default values (4096 bits, RSA)</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey_pipe</span><span class="p">:</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">output</span>
<span class="w"> </span><span class="nt">no_log</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"> </span><span class="c1"># make sure that private key data is not accidentally revealed in logs!</span>
<span class="w"> </span><span class="nt">no_log</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"> </span><span class="c1"># make sure that private key data is not accidentally revealed in logs!</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show generated key</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">output.privatekey</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="c1"># DO NOT OUTPUT KEY MATERIAL TO CONSOLE OR LOGS IN PRODUCTION!</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate or update a Mozilla sops encrypted key</span>
<span class="c1"># The following example needs CNCF SOPS (https://github.com/getsops/sops) set up and</span>
<span class="c1"># the community.sops collection installed. See also</span>
<span class="c1"># https://docs.ansible.com/ansible/latest/collections/community/sops/docsite/guide.html</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate or update a CNCF SOPS encrypted key</span>
<span class="w"> </span><span class="nt">block</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Update sops-encrypted key with the community.sops collection</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Update SOPS-encrypted key with the community.sops collection</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey_pipe</span><span class="p">:</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;community.sops.sops&#39;</span><span class="o">,</span> <span class="s1">&#39;private_key.pem.sops&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">size</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2048</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">output</span>
<span class="w"> </span><span class="nt">no_log</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"> </span><span class="c1"># make sure that private key data is not accidentally revealed in logs!</span>
<span class="w"> </span><span class="nt">no_log</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"> </span><span class="c1"># make sure that private key data is not accidentally revealed in logs!</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Update encrypted key when openssl_privatekey_pipe reported a change</span>
<span class="w"> </span><span class="nt">community.sops.sops_encrypt</span><span class="p">:</span>
@@ -588,6 +602,8 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
<ul class="ansible-links">
<li><span><a aria-role="button" class="ansible-link reference external" href="https://github.com/ansible-collections/community.crypto/issues" rel="noopener external" target="_blank">Issue Tracker</a></span></li>
<li><span><a aria-role="button" class="ansible-link reference external" href="https://github.com/ansible-collections/community.crypto" rel="noopener external" target="_blank">Repository (Sources)</a></span></li>
<li><span><a aria-role="button" class="ansible-link reference external" href="https://forum.ansible.com/tags/c/help/6/none/crypto" rel="noopener external" target="_blank">Ask for help (crypto)</a></span></li>
<li><span><a aria-role="button" class="ansible-link reference external" href="https://forum.ansible.com/tags/c/help/6/none/acme" rel="noopener external" target="_blank">Ask for help (ACME)</a></span></li>
<li><span><a aria-role="button" class="ansible-link reference external" href="https://github.com/ansible-collections/community.crypto/issues/new?assignees=&amp;labels=&amp;template=bug_report.md" rel="noopener external" target="_blank">Submit a bug report</a></span></li>
<li><span><a aria-role="button" class="ansible-link reference external" href="https://github.com/ansible-collections/community.crypto/issues/new?assignees=&amp;labels=&amp;template=feature_request.md" rel="noopener external" target="_blank">Request a feature</a></span></li>
<li><span><a class="reference internal" href="index.html#communication-for-community-crypto"><span class="std std-ref">Communication</span></a></span></li>
@@ -603,7 +619,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
<footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
<a href="openssl_privatekey_info_module.html" class="btn btn-neutral float-left" title="community.crypto.openssl_privatekey_info module Provide information for OpenSSL private keys" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
<a href="openssl_publickey_module.html" class="btn btn-neutral float-right" title="community.crypto.openssl_publickey module Generate an OpenSSL public key from its private key." accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
<a href="openssl_publickey_module.html" class="btn btn-neutral float-right" title="community.crypto.openssl_publickey module Generate an OpenSSL public key from its private key" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
</div>
<hr/>