community.crypto.openssl_signature module – Sign data with openssl
Note
This module is part of the community.crypto collection (version 2.22.0).
It is not included in ansible-core.
To check whether it is installed, run `ansible-galaxy collection list`.
To install it, use: `ansible-galaxy collection install community.crypto`.
You need further requirements to be able to use this module, see Requirements for details.
To use it in a playbook, specify: `community.crypto.openssl_signature`.
New in community.crypto 1.1.0
Synopsis
This module allows one to sign data using a private key.
The module uses the cryptography Python library.
Requirements
The below requirements are needed on the host that executes this module.
cryptography >= 1.4 (some key types require newer versions)
Parameters
Parameter | Comments |
---|---|
| | The file to sign. This file will only be read and not modified. |
| | The content of the private key to use when signing the certificate signing request. Either |
| | The passphrase for the private key. This is required if the private key is password protected. |
| | The path to the private key to use when signing. Either |
| | Determines which crypto backend to use. The default choice is If set to Choices: |
Attributes
Attribute | Support | Description |
---|---|---|
| | Support: full This action does not modify state. | Can run in |
| | Support: none | Will return details on what has changed (or possibly needs changing in |
Notes
Note
When using the cryptography backend, the following key types require at least the following cryptography version:
- RSA keys: cryptography >= 1.4
- DSA and ECDSA keys: cryptography >= 1.5
- ed448 and ed25519 keys: cryptography >= 2.6
See Also
See also
- community.crypto.openssl_signature_info
Verify signatures with openssl.
- community.crypto.openssl_privatekey
Generate OpenSSL private keys.
Examples
```yaml
- name: Sign example file
  community.crypto.openssl_signature:
    privatekey_path: private.key
    path: /tmp/example_file
  register: sig

- name: Verify signature of example file
  community.crypto.openssl_signature_info:
    certificate_path: cert.pem
    path: /tmp/example_file
    signature: "{{ sig.signature }}"
  register: verify

- name: Make sure the signature is valid
  ansible.builtin.assert:
    that:
      - verify.valid
```
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Description |
---|---|
| | Base64 encoded signature. Returned: success |