Provides modules for Ansible for various cryptographic operations.
You can find documentation for this collection on the Ansible docs site.
Please note that this collection does not support Windows targets.
Tested with the current Ansible 2.9, ansible-base 2.10, ansible-core 2.11, ansible-core 2.12, ansible-core 2.13, and ansible-core 2.14 releases and the current development version of ansible-core. Ansible versions before 2.9.10 are not supported.
The exact requirements for every module are listed in the module documentation.
Most modules require a recent enough version of the Python cryptography library. See the module documentations for the minimal version supported for each module.
- OpenSSL / PKI modules:
- openssl_csr_info
- openssl_csr
- openssl_dhparam
- openssl_pkcs12
- openssl_privatekey_info
- openssl_privatekey
- openssl_publickey
- openssl_signature_info
- openssl_signature
- x509_certificate_info
- x509_certificate
- x509_crl_info
- x509_crl
- certificate_complete_chain
- OpenSSH modules:
- openssh_cert
- openssh_keypair
- ACME modules:
- acme_account_info
- acme_account
- acme_certificate
- acme_certificate_revoke
- acme_challenge_cert_helper
- acme_inspect
- ECS modules:
- ecs_certificate
- ecs_domain
- Miscellaneous modules:
- get_certificate
- luks_device
You can also find a list of all modules with documentation on the Ansible docs site.
Before using the crypto community collection, you need to install the collection with the ansible-galaxy CLI:
ansible-galaxy collection install community.crypto
You can also include it in a requirements.yml file and install it via ansible-galaxy collection install -r requirements.yml using the format:
collections:
- name: community.cryptoSee Ansible Using collections for more details.
We're following the general Ansible contributor guidelines; see Ansible Community Guide.
If you want to clone this repositority (or a fork of it) to improve it, you can proceed as follows:
- Create a directory
ansible_collections/community; - In there, checkout this repository (or a fork) as
crypto; - Add the directory containing
ansible_collectionsto your ANSIBLE_COLLECTIONS_PATH.
See Ansible's dev guide for more information.
See the changelog.
We plan to regularly release minor and patch versions, whenever new features are added or bugs fixed. Our collection follows semantic versioning, so breaking changes will only happen in major releases.
Most modules will drop PyOpenSSL support in version 2.0.0 of the collection, i.e. in the next major version. We currently plan to release 2.0.0 somewhen during 2021. Around then, the supported versions of the most common distributions will contain a new enough version of cryptography.
Once 2.0.0 has been released, bugfixes will still be backported to 1.0.0 for some time, and some features might also be backported. If we do not want to backport something ourselves because we think it is not worth the effort, backport PRs by non-maintainers are usually accepted.
In 2.0.0, the following notable features will be removed:
- PyOpenSSL backends of all modules, except
openssl_pkcs12which does not have acryptographybackend due to lack of support of PKCS#12 functionality incryptography. - The
assertonlyprovider ofx509_certificatewill be removed.
- Ansible Collection overview
- Ansible User guide
- Ansible Developer guide
- Ansible Community code of conduct
This collection is primarily licensed and distributed as a whole under the GNU General Public License v3.0 or later.
See LICENSES/GPL-3.0-or-later.txt for the full text.
Parts of the collection are licensed under the Apache 2.0 license (plugins/module_utils/crypto/_obj2txt.py and plugins/module_utils/crypto/_objects_data.py), the BSD 2-Clause license (plugins/module_utils/ecs/api.py), the BSD 3-Clause license (plugins/module_utils/crypto/_obj2txt.py), and the PSF 2.0 license (plugins/module_utils/_version.py). This only applies to vendored files in plugins/module_utils/ and to the ECS module utils.
Almost all files have a machine readable SDPX-License-Identifier: comment denoting its respective license(s) or an equivalent entry in an accompanying .license file. Only changelog fragments (which will not be part of a release) are covered by a blanket statement in .reuse/dep5. Right now a few vendored PEM files do not have licensing information as well. This conforms to the REUSE specification up to the aforementioned PEM files.