Documentation

apt_key - Add or remove an apt key

Synopsis

Add or remove an apt key, optionally downloading it

Options

parameter required default choices comments
data
 no none
    keyfile contents
    file
    		 no none
      keyfile path
      id
      		 no none
        identifier of key. Including this allows check mode to correctly report the changed state.
        keyring
        (added in 1.3)
        		 no none
          path to specific keyring file in /etc/apt/trusted.gpg.d
          keyserver
          (added in 1.6)
          		 no none
            keyserver to retrieve key from.
            state
            		 no present
            • absent
            • present
            used to specify if key is being added or revoked
            url
            		 no none
              url to retrieve key from.
              validate_certs
              		 no yes
              • yes
              • no
              If no, SSL certificates for the target url will not be validated. This should only be used on personally controlled sites using self-signed certificates.

              Examples

              # Add an apt key by id from a keyserver
- apt_key: keyserver=keyserver.ubuntu.com id=36A1D7869245C8950F966E92D8576A8BA88D21E9

# Add an Apt signing key, uses whichever key is at the URL
- apt_key: url=https://ftp-master.debian.org/keys/archive-key-6.0.asc state=present

# Add an Apt signing key, will not download if present
- apt_key: id=473041FA url=https://ftp-master.debian.org/keys/archive-key-6.0.asc state=present

# Remove an Apt signing key, uses whichever key is at the URL
- apt_key: url=https://ftp-master.debian.org/keys/archive-key-6.0.asc state=absent

# Remove a Apt specific signing key, leading 0x is valid
- apt_key: id=0x473041FA state=absent

# Add a key from a file on the Ansible server
- apt_key: data="{{ lookup('file', 'apt.gpg') }}" state=present

# Add an Apt signing key to a specific keyring file
- apt_key: id=473041FA url=https://ftp-master.debian.org/keys/archive-key-6.0.asc keyring=/etc/apt/trusted.gpg.d/debian.gpg state=present

              Notes

              Note

              doesn’t download the key unless it really needs it

              Note

              as a sanity check, downloaded key id must match the one specified

              Note

              best practice is to specify the key id and the url

              This is a Core Module

              For more information on what this means please read Core Modules

              For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.