apt_key - Add or remove an apt key

Author:Jayson Vantuyl & others

Synopsis

New in version 1.0.

Add or remove an apt key, optionally downloading it

Options

parameter required default choices comments
data no none
    keyfile contents
    file no none
      keyfile path
      id no none
        identifier of key
        keyring no none
          path to specific keyring file in /etc/apt/trusted.gpg.d (added in Ansible 1.3)
          state no present
          • absent
          • present
          used to specify if key is being added or revoked
          url no none
            url to retrieve key from.
            validate_certs no yes
            • yes
            • no
            If no, SSL certificates for the target url will not be validated. This should only be used on personally controlled sites using self-signed certificates.

            Examples


            # Add an Apt signing key, uses whichever key is at the URL
            - apt_key: url=https://ftp-master.debian.org/keys/archive-key-6.0.asc state=present
            
            # Add an Apt signing key, will not download if present
            - apt_key: id=473041FA url=https://ftp-master.debian.org/keys/archive-key-6.0.asc state=present
            
            # Remove an Apt signing key, uses whichever key is at the URL
            - apt_key: url=https://ftp-master.debian.org/keys/archive-key-6.0.asc state=absent
            
            # Remove a Apt specific signing key, leading 0x is valid
            - apt_key: id=0x473041FA state=absent
            
            # Add a key from a file on the Ansible server
            - apt_key: data="{{ lookup('file', 'apt.gpg') }}" state=present
            
            # Add an Apt signing key to a specific keyring file
            - apt_key: id=473041FA url=https://ftp-master.debian.org/keys/archive-key-6.0.asc keyring=/etc/apt/trusted.gpg.d/debian.gpg state=present
            

            Note

            doesn’t download the key unless it really needs it

            Note

            as a sanity check, downloaded key id must match the one specified

            Note

            best practice is to specify the key id and the url

            Table Of Contents

            Previous topic

            apt - Manages apt-packages

            Next topic

            apt_repository - Add and remove APT repositores