apt_key - Add or remove an apt key

Author:Jayson Vantuyl & others

Synopsis

New in version 1.0.

Add or remove an apt key, optionally downloading it

Options

parameter required default choices comments
data no none
    keyfile contents
    file no none
      keyfile path
      id no none
        identifier of key
        keyring no none
          path to specific keyring file in /etc/apt/trusted.gpg.d (added in Ansible 1.3)
          keyserver no none
            keyserver to retrieve key from. (added in Ansible 1.6)
            state no present
            • absent
            • present
            used to specify if key is being added or revoked
            url no none
              url to retrieve key from.
              validate_certs no yes
              • yes
              • no
              If no, SSL certificates for the target url will not be validated. This should only be used on personally controlled sites using self-signed certificates.

              Examples


              # Add an Apt signing key, uses whichever key is at the URL
              - apt_key: url=https://ftp-master.debian.org/keys/archive-key-6.0.asc state=present
              
              # Add an Apt signing key, will not download if present
              - apt_key: id=473041FA url=https://ftp-master.debian.org/keys/archive-key-6.0.asc state=present
              
              # Remove an Apt signing key, uses whichever key is at the URL
              - apt_key: url=https://ftp-master.debian.org/keys/archive-key-6.0.asc state=absent
              
              # Remove a Apt specific signing key, leading 0x is valid
              - apt_key: id=0x473041FA state=absent
              
              # Add a key from a file on the Ansible server
              - apt_key: data="{{ lookup('file', 'apt.gpg') }}" state=present
              
              # Add an Apt signing key to a specific keyring file
              - apt_key: id=473041FA url=https://ftp-master.debian.org/keys/archive-key-6.0.asc keyring=/etc/apt/trusted.gpg.d/debian.gpg state=present
              

              Note

              doesn’t download the key unless it really needs it

              Note

              as a sanity check, downloaded key id must match the one specified

              Note

              best practice is to specify the key id and the url

              Table Of Contents

              Previous topic

              apt - Manages apt-packages

              Next topic

              apt_repository - Add and remove APT repositories