apt_key - Add or remove an apt key

Synopsis

  • Add or remove an apt key, optionally downloading it

Options

  • data (required: no; default: none): keyfile contents to add to the keyring
  • file (required: no; default: none): path to a keyfile on the remote server to add to the keyring
  • id (required: no; default: none): identifier of key. Including this allows check mode to correctly report the changed state. If specifying a subkey's id, be aware that apt-key does not understand how to remove keys via a subkey id. Specify the primary key's id instead.
  • keyring (added in 1.3; required: no; default: none): path to specific keyring file in /etc/apt/trusted.gpg.d
  • keyserver (added in 1.6; required: no; default: none): keyserver to retrieve key from.
  • state (required: no; default: present; choices: absent, present): used to specify if key is being added or revoked
  • url (required: no; default: none): url to retrieve key from.
  • validate_certs (required: no; default: yes; choices: yes, no): If no, SSL certificates for the target url will not be validated. This should only be used on personally controlled sites using self-signed certificates.

Examples

# Add an apt key by id from a keyserver
- apt_key:
    keyserver: keyserver.ubuntu.com
    id: 36A1D7869245C8950F966E92D8576A8BA88D21E9

# Add an Apt signing key, uses whichever key is at the URL
- apt_key:
    url: "https://ftp-master.debian.org/keys/archive-key-6.0.asc"
    state: present

# Add an Apt signing key, will not download if present
- apt_key:
    id: 473041FA
    url: "https://ftp-master.debian.org/keys/archive-key-6.0.asc"
    state: present

# Remove an Apt signing key, uses whichever key is at the URL
- apt_key:
    url: "https://ftp-master.debian.org/keys/archive-key-6.0.asc"
    state: absent

# Remove a specific Apt signing key, leading 0x is valid
- apt_key:
    id: 0x473041FA
    state: absent

# Add a key from a file on the Ansible server. Use armored file since utf-8 string is expected. Must be of "PGP PUBLIC KEY BLOCK" type.
- apt_key:
    data: "{{ lookup('file', 'apt.asc') }}"
    state: present

# Add an Apt signing key to a specific keyring file
- apt_key:
    id: 473041FA
    url: "https://ftp-master.debian.org/keys/archive-key-6.0.asc"
    keyring: /etc/apt/trusted.gpg.d/debian.gpg

# Add Apt signing key on remote server to keyring
- apt_key:
    id: 473041FA
    file: /tmp/apt.gpg
    state: present

Notes

  • doesn’t download the key unless it really needs it
  • as a sanity check, downloaded key id must match the one specified
  • best practice is to specify the key id and the url
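
The id check in the notes above depends on how an OpenPGP key id relates to the key itself: a version 4 fingerprint is a SHA-1 hash over the public-key packet, and the 8- and 16-digit ids are only its trailing digits, so the full 40-digit form used in the keyserver example is the strongest value to put in id. The following is an added illustration, not the module's own code; the function names are hypothetical and the sample is a constructed packet, not a real key.

```python
import base64
import hashlib

BEGIN, END = "-----BEGIN PGP PUBLIC KEY BLOCK-----", "-----END PGP PUBLIC KEY BLOCK-----"

def dearmor(armored):
    """Binary OpenPGP data from an ASCII-armored "PGP PUBLIC KEY BLOCK"."""
    lines = [ln.strip() for ln in armored.strip().splitlines()]
    if lines[:1] != [BEGIN] or lines[-1:] != [END]:
        raise ValueError("not a PGP PUBLIC KEY BLOCK")
    # Armor headers contain ":", the CRC-24 line starts with "="; neither is key data.
    body = [ln for ln in lines[1:-1] if ":" not in ln and not ln.startswith("=")]
    return base64.b64decode("".join(body), validate=True)

def first_packet(data):
    """Parse the first packet header (RFC 4880, section 4.2); return (tag, body)."""
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    hdr = data[0]
    if hdr & 0x40:  # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first >= 224:
            raise ValueError("4-octet and partial lengths are not handled in this example")
        start, length = (2, first) if first < 192 else (3, ((first - 192) << 8) + data[2] + 192)
    else:  # old-format header: the low two bits give the size of the length field
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate lengths are not handled in this example")
        start = 1 + (1 << ltype)
        length = int.from_bytes(data[1:start], "big")
    return tag, data[start:start + length]

def v4_fingerprint(armored):
    """SHA-1 over 0x99, a two-octet length and the public-key packet body."""
    tag, body = first_packet(dearmor(armored))
    if tag != 6 or body[:1] != b"\x04":
        raise ValueError("expected a version 4 public-key packet first")
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def id_matches(fingerprint, key_id):
    """True if key_id (8, 16 or 40 hex digits, optional 0x) is the fingerprint's tail."""
    wanted = key_id.upper()[2:] if key_id[:2].lower() == "0x" else key_id.upper()
    return len(wanted) in (8, 16, 40) and fingerprint.endswith(wanted)

def constructed_sample():
    """Constructed, structurally valid test packet (not a real key), armored."""
    body = b"\x04" + bytes(4) + b"\x01" + b"\x00\x10\xC3\x55" + b"\x00\x11\x01\x00\x01"
    raw = b"\x99" + len(body).to_bytes(2, "big") + body
    return f"{BEGIN}\n\n{base64.b64encode(raw).decode()}\n{END}\n"
```

Run against a key file fetched out of band, v4_fingerprint gives the value to compare with the publisher's announced fingerprint before it is written into a playbook's id.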

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Support

This module is maintained by those with core commit privileges.

For more information on what this means please read Module Support

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2017 Michael DeHaan
© 2017 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/apt_key_module.html