java_keystore – Create or delete a Java keystore in JKS format
New in version 2.7.
Synopsis
- Create or delete a Java keystore in JKS format for a given certificate.
Requirements
The below requirements are needed on the host that executes this module.
- openssl
- keytool
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| certificate
- / required
|
Certificate that should be used to create the key store.
|
|
| dest
- / required
|
Absolute path where the jks should be generated.
|
|
| force
boolean
|
|
Key store will be created even if it already exists.
|
| group
-
|
Name of the group that should own jks file.
|
|
| mode
-
|
Mode the file should be.
|
|
| name
- / required
|
Name of the certificate.
|
|
| owner
-
|
Name of the user that should own jks file.
|
|
| password
- / required
|
Password that should be used to secure the key store.
|
|
| private_key
- / required
|
Private key that should be used to create the key store.
|
Examples
# Create a key store for the given certificate (inline)
- java_keystore:
name: example
certificate: |
-----BEGIN CERTIFICATE-----
h19dUZ2co2fI/ibYiwxWk4aeNE6KWvCaTQOMQ8t6Uo2XKhpL/xnjoAgh1uCQN/69
MG+34+RhUWzCfdZH7T8/qDxJw2kEPKluaYh7KnMsba+5jHjmtzix5QIDAQABo4IB
-----END CERTIFICATE-----
private_key: |
-----BEGIN RSA PRIVATE KEY-----
DBVFTEVDVFJJQ0lURSBERSBGUkFOQ0UxFzAVBgNVBAsMDjAwMDIgNTUyMDgxMzE3
GLlDNMw/uHyME7gHFsqJA7O11VY6O5WQ4IDP3m/s5ZV6s+Nn6Lerz17VZ99
-----END RSA PRIVATE KEY-----
password: changeit
dest: /etc/security/keystore.jks
# Create a key store for the given certificate (lookup)
- java_keystore:
name: example
certificate: "{{lookup('file', '/path/to/certificate.crt') }}"
private_key: "{{lookup('file', '/path/to/private.key') }}"
password: changeit
dest: /etc/security/keystore.jks
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| cmd
string
|
changed and failure |
Executed command to get action done
Sample:
openssl x509 -noout -in /tmp/cert.crt -fingerprint -sha1
|
| msg
string
|
changed and failure |
Output from stdout of keytool/openssl command after execution of given command or an error.
Sample:
Unable to find the current certificate fingerprint in ...
|
| rc
integer
|
changed and failure |
keytool/openssl command execution return value
Sample:
0
|
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Guillaume Grossetie (@Mogztter)
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/java_keystore_module.html