Note
This module is part of ansible-core and included in all Ansible installations. In most cases, you can use the short module name apt_key even without specifying the collections: keyword. However, we recommend you use the FQCN for easy linking to the module documentation and to avoid conflicting with other collections that may have the same module name.
New in version 1.0 of ansible.builtin
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
data string | | The keyfile contents to add to the keyring. |
file path | | The path to a keyfile on the remote server to add to the keyring. |
id string | | The identifier of the key. Including this allows check mode to correctly report the changed state. If specifying a subkey's id, be aware that apt-key does not understand how to remove keys via a subkey id. Specify the primary key's id instead. This parameter is required when state is set to absent. |
keyring path added in 1.3 of ansible.builtin | | The full path to a specific keyring file in /etc/apt/trusted.gpg.d/. |
keyserver string added in 1.6 of ansible.builtin | | The keyserver to retrieve the key from. |
state string | | Ensures that the key is present (added) or absent (revoked). |
url string | | The URL to retrieve the key from. |
validate_certs boolean | | If no, SSL certificates for the target url will not be validated. This should only be used on personally controlled sites using self-signed certificates. |
Note
apt-key adv --list-public-keys --with-fingerprint --with-colons.
state=present, the task can verify or add the key as needed.
check_mode.

```yaml
- name: Add an apt key by id from a keyserver
  ansible.builtin.apt_key:
    keyserver: keyserver.ubuntu.com
    id: 36A1D7869245C8950F966E92D8576A8BA88D21E9

- name: Add an Apt signing key, uses whichever key is at the URL
  ansible.builtin.apt_key:
    url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
    state: present

- name: Add an Apt signing key, will not download if present
  ansible.builtin.apt_key:
    id: 9FED2BCBDCD29CDF762678CBAED4B06F473041FA
    url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
    state: present

# The id is quoted so YAML keeps the 0x-prefixed value as a string
# instead of parsing it as a hexadecimal integer.
- name: Remove an Apt specific signing key, leading 0x is valid
  ansible.builtin.apt_key:
    id: "0x9FED2BCBDCD29CDF762678CBAED4B06F473041FA"
    state: absent

# Use armored file since utf-8 string is expected. Must be of "PGP PUBLIC KEY BLOCK" type.
- name: Add a key from a file on the Ansible server
  ansible.builtin.apt_key:
    data: "{{ lookup('file', 'apt.asc') }}"
    state: present

- name: Add an Apt signing key to a specific keyring file
  ansible.builtin.apt_key:
    id: 9FED2BCBDCD29CDF762678CBAED4B06F473041FA
    url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
    keyring: /etc/apt/trusted.gpg.d/debian.gpg

- name: Add Apt signing key on remote server to keyring
  ansible.builtin.apt_key:
    id: 9FED2BCBDCD29CDF762678CBAED4B06F473041FA
    file: /tmp/apt.gpg
    state: present
```
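The `id` parameter comment and the `--with-colons` listing command above both concern which key an id actually refers to. The following added example (not part of the module or its documentation) parses that listing and resolves an `id` value to its primary key, flagging short ids, subkey ids and collisions. The function names, the sample listing and the subkey fingerprint are constructed for illustration, and the 8/16/40-digit length check is this example's own rule.

```python
import re

# Constructed sample of `apt-key adv --list-public-keys --with-fingerprint
# --with-colons` output (GnuPG colon format); not captured from a real host.
# The subkey fingerprint and uid are made up for illustration.
SAMPLE_LISTING = """\
pub:-:4096:1:D8576A8BA88D21E9:1476375983:::-:::scSC::::::23::0:
fpr:::::::::36A1D7869245C8950F966E92D8576A8BA88D21E9:
uid:-::::1476375983::0000000000000000000000000000000000000000::Example Archive Key::::::::::0:
sub:-:4096:1:1111222233334444:1476375983::::::e::::::23:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
"""


def parse_listing(text):
    """Return [(primary_fpr, [subkey_fprs])] from colon-format output."""
    keys, owner = [], None
    for line in text.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sub"):
            owner = fields[0]  # the next fpr record belongs to this key
        elif fields[0] == "fpr" and len(fields) > 9 and owner:
            fpr = fields[9].upper()  # field 10 carries the fingerprint
            if owner == "pub":
                keys.append((fpr, []))
            elif keys:
                keys[-1][1].append(fpr)
            owner = None
    return keys


def resolve_id(key_id, listing):
    """Match an `id` value against the keyring and report what it hits."""
    wanted = re.sub(r"^0x", "", key_id.strip(), flags=re.I).upper()
    # Assumption of this example: accept only 8-, 16- or 40-digit hex ids.
    if not re.fullmatch(r"[0-9A-F]{8}|[0-9A-F]{16}|[0-9A-F]{40}", wanted):
        raise ValueError("id must be 8, 16 or 40 hex digits")
    hits = []
    for primary, subkeys in parse_listing(listing):
        for fpr in [primary] + subkeys:
            if fpr.endswith(wanted):
                hits.append({"primary": primary, "is_subkey": fpr != primary})
    return {
        "full_fingerprint": len(wanted) == 40,
        "ambiguous": len({h["primary"] for h in hits}) > 1,
        "matches": hits,
    }
```

A result with `is_subkey` set means the playbook should use the reported `primary` fingerprint instead, and `ambiguous` means the short id matches more than one primary key in the keyring.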
Common return values are documented here; the following fields are unique to this module:
Key | Returned | Description |
---|---|---|
after list / elements=string | on change | List of apt key ids or fingerprints after any modification. Sample: ['D8576A8BA88D21E9', '3B4FE6ACC0B21F32', 'D94AA3F0EFE21092', '871920D1991BC93C'] |
before list / elements=string | always | List of apt key ids or fingerprints before any modifications. Sample: ['3B4FE6ACC0B21F32', 'D94AA3F0EFE21092', '871920D1991BC93C'] |
fp string | always | Fingerprint of the key to import. Sample: D8576A8BA88D21E9 |
id string | always | Key id from source. Sample: 36A1D7869245C8950F966E92D8576A8BA88D21E9 |
key_id string | always | Calculated key id; it should be the same as 'id', but can be different. Sample: 36A1D7869245C8950F966E92D8576A8BA88D21E9 |
short_id string | always | Calculated short key id. Sample: A88D21E9 |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/apt_key_module.html