apt_key - Add or remove an apt key¶

Synopsis
Parameters
Notes
Examples
Status
Maintenance
- Support
- Author

Synopsis ¶

Add or remove an apt key, optionally downloading it.

Parameters ¶

Parameter	Choices/Defaults	Comments
data		The keyfile contents to add to the keyring.
file		The path to a keyfile on the remote server to add to the keyring.
id		The identifier of the key. Including this allows check mode to correctly report the changed state. If specifying a subkey's id be aware that apt-key does not understand how to remove keys via a subkey id. Specify the primary key's id instead. This parameter is required when `state` is set to `absent`.
keyring (added in 1.3)		The full path to specific keyring file in /etc/apt/trusted.gpg.d/
keyserver (added in 1.6)		The keyserver to retrieve key from.
state	Choices: absent present ←	Ensures that the key is present (added) or absent (revoked).
url		The URL to retrieve key from.
validate_certs bool	Choices: no yes ←	If `no`, SSL certificates for the target url will not be validated. This should only be used on personally controlled sites using self-signed certificates.

Notes ¶

Note

Doesn’t download the key unless it really needs it.
As a sanity check, downloaded key id must match the one specified.
Best practice is to specify the key id and the URL.
Adding a new key requires an apt cache update (e.g. using the apt module’s update_cache option)

Examples ¶

- name: Add an apt key by id from a keyserver
  apt_key:
    keyserver: keyserver.ubuntu.com
    id: 36A1D7869245C8950F966E92D8576A8BA88D21E9

- name: Add an Apt signing key, uses whichever key is at the URL
  apt_key:
    url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
    state: present

- name: Add an Apt signing key, will not download if present
  apt_key:
    id: 473041FA
    url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
    state: present

- name: Remove a Apt specific signing key, leading 0x is valid
  apt_key:
    id: 0x473041FA
    state: absent

# Use armored file since utf-8 string is expected. Must be of "PGP PUBLIC KEY BLOCK" type.
- name: Add a key from a file on the Ansible server.
  apt_key:
    data: "{{ lookup('file', 'apt.asc') }}"
    state: present

- name: Add an Apt signing key to a specific keyring file
  apt_key:
    id: 473041FA
    url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
    keyring: /etc/apt/trusted.gpg.d/debian.gpg

- name: Add Apt signing key on remote server to keyring
  apt_key:
    id: 473041FA
    file: /tmp/apt.gpg
    state: present

Status ¶

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance ¶

This module is flagged as core which means that it is maintained by the Ansible Core Team. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by the Ansible Core Team, see here.

Support ¶

For more information about Red Hat’s support of this module, please refer to this Knowledge Base article

Author ¶

Jayson Vantuyl (@jvantuyl)

Hint

If you notice any issues in this documentation you can edit this document to improve it.