Parameter | Choices/Defaults | Comments |
---|---|---|
data
-
|
The keyfile contents to add to the keyring.
|
|
file
-
|
The path to a keyfile on the remote server to add to the keyring.
|
|
id
-
|
The identifier of the key.
Including this allows check mode to correctly report the changed state.
If specifying a subkey's id be aware that apt-key does not understand how to remove keys via a subkey id. Specify the primary key's id instead.
This parameter is required when
state is set to absent . |
|
keyring
-
|
The full path to specific keyring file in /etc/apt/trusted.gpg.d/
|
|
keyserver
-
|
The keyserver to retrieve key from.
|
|
state
-
|
|
Ensures that the key is present (added) or absent (revoked).
|
url
-
|
The URL to retrieve key from.
|
|
validate_certs
boolean
|
|
If
no , SSL certificates for the target url will not be validated. This should only be used on personally controlled sites using self-signed certificates. |
Note
apt-key adv --list-public-keys --with-fingerprint --with-colons
.state=present
, the task can verify or add the key as needed.- name: Add an apt key by id from a keyserver
apt_key:
keyserver: keyserver.ubuntu.com
id: 36A1D7869245C8950F966E92D8576A8BA88D21E9
- name: Add an Apt signing key, uses whichever key is at the URL
apt_key:
url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
state: present
- name: Add an Apt signing key, will not download if present
apt_key:
id: 9FED2BCBDCD29CDF762678CBAED4B06F473041FA
url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
state: present
- name: Remove a Apt specific signing key, leading 0x is valid
apt_key:
id: 0x9FED2BCBDCD29CDF762678CBAED4B06F473041FA
state: absent
# Use armored file since utf-8 string is expected. Must be of "PGP PUBLIC KEY BLOCK" type.
- name: Add a key from a file on the Ansible server.
apt_key:
data: "{{ lookup('file', 'apt.asc') }}"
state: present
- name: Add an Apt signing key to a specific keyring file
apt_key:
id: 9FED2BCBDCD29CDF762678CBAED4B06F473041FA
url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
keyring: /etc/apt/trusted.gpg.d/debian.gpg
- name: Add Apt signing key on remote server to keyring
apt_key:
id: 9FED2BCBDCD29CDF762678CBAED4B06F473041FA
file: /tmp/apt.gpg
state: present
More information about Red Hat’s support of this module is available from this Red Hat Knowledge Base article.
Hint
If you notice any issues in this documentation you can edit this document to improve it.