ansible.builtin.rpm_key module – Adds or removes a gpg key from the rpm db

Note

This module is part of ansible-core and included in all Ansible installations. In most cases, you can use the short module name rpm_key even without specifying the collections keyword. However, we recommend you use the Fully Qualified Collection Name (FQCN) ansible.builtin.rpm_key for easy linking to the module documentation and to avoid conflicting with other collections that may have the same module name.

Synopsis

  • Adds (rpm --import) or removes a GPG key from your rpm database.

Parameters

Parameter

Comments

fingerprint

list / elements=string

added in Ansible 2.9

The long-form fingerprint of the key being imported.

This will be used to verify the specified key.

key

string / required

Key that will be modified. Can be a URL, a file on the managed node, or a key ID if the key already exists in the database.

This can also be the fingerprint when attempting to delete an already installed key.

state

string

Whether the key will be imported into or removed from the rpm db.

Choices:

  • "absent"

  • "present" ← (default)

validate_certs

boolean

If false and the key is a URL starting with https, SSL certificates will not be validated.

This should only be used on personally controlled sites using self-signed certificates.

Choices:

  • false

  • true ← (default)

Attributes

Attribute

Support

Description

check_mode

Support: full

Can run in check_mode and return a changed status prediction without modifying the target. If not supported, the action will be skipped.

diff_mode

Support: none

Will return details on what has changed (or possibly needs changing in check_mode) when in diff mode.

platform

Platform: rhel

Target OS/families that can be operated against

Examples

- name: Import a key from a url
  ansible.builtin.rpm_key:
    state: present
    key: http://apt.sw.be/RPM-GPG-KEY.dag.txt

- name: Import a key from a file
  ansible.builtin.rpm_key:
    state: present
    key: /path/to/key.gpg

- name: Ensure a key is not present in the db
  ansible.builtin.rpm_key:
    state: absent
    key: DEADB33F

- name: Verify the key, using a fingerprint, before import
  ansible.builtin.rpm_key:
    key: /path/to/RPM-GPG-KEY.dag.txt
    fingerprint: EBC6 E12C 62B1 C734 026B  2122 A20E 5214 6B8D 79E6

- name: Verify the key, using multiple fingerprints, before import
  ansible.builtin.rpm_key:
    key: /path/to/RPM-GPG-KEY.dag.txt
    fingerprint:
      - EBC6 E12C 62B1 C734 026B  2122 A20E 5214 6B8D 79E6
      - 19B7 913E 6284 8E3F 4D78 D6B4 ECD9 1AB2 2EB6 8D86
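
The following playbook is an added example, not part of the module documentation. It combines the URL import with the fingerprint and validate_certs parameters described above, so a key fetched over the network is only imported when it matches a pinned fingerprint, and then confirms the key is registered. The URL is a placeholder, the fingerprint is reused from the examples above, and the final check assumes the target's rpm database exposes imported keys as gpg-pubkey pseudo-packages.

```yaml
# Added example; repo.example.com is a placeholder and the fingerprint is the
# sample value from the examples above, not a real pinned key.
- name: Pin and import an RPM signing key
  hosts: all
  become: true
  vars:
    rpm_key_url: https://repo.example.com/RPM-GPG-KEY-example  # placeholder
    rpm_key_fingerprints:
      - EBC6 E12C 62B1 C734 026B  2122 A20E 5214 6B8D 79E6
    # Assumption: rpm registers an imported key as
    # gpg-pubkey-<last 8 hex digits of the fingerprint, lowercase>.
    # Only the first pinned fingerprint is checked after import.
    rpm_key_short_id: "{{ (rpm_key_fingerprints[0] | replace(' ', '') | lower)[-8:] }}"

  tasks:
    - name: Import the key only if it matches a pinned fingerprint
      ansible.builtin.rpm_key:
        state: present
        key: "{{ rpm_key_url }}"
        fingerprint: "{{ rpm_key_fingerprints }}"
        validate_certs: true   # default, stated explicitly so it is not relaxed by accident

    - name: Confirm the pinned key is registered in the rpm db
      ansible.builtin.command:
        argv:
          - rpm
          - -q
          - "gpg-pubkey-{{ rpm_key_short_id }}"
      changed_when: false          # read-only query
      when: not ansible_check_mode # nothing is imported in check mode
```

Keep the pinned fingerprint in version control and obtain it through a channel separate from the one that serves the key file, so that a tampered download cannot also supply its own fingerprint.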

Authors

  • Hector Acosta (@hacosta)