compscidr.gpg
ansible-gpg
Ansible module for importing and removing GPG keys using keybase.io or local files.
This module is inspired by the work of Brandon Kalinowski and Thelonius Kort, and has been updated for publishing on ansible-galaxy.
With this module, managing GPG keys is straightforward. Just provide the keybase username along with either the key's email or fingerprint. You can also import keys from files.
The module uses Ansible's fetch_url method to securely download public keys via HTTPS.
When using key_file, the key_id is determined automatically from the file.
This module adds functionality for keybase.io and marks imported keys as trusted, allowing the machine to encrypt files for the imported users.
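Because imported keys are marked as trusted, and with key_file the key_id is taken from the file itself, it is worth checking a key against a fingerprint obtained out of band before importing it. The following is an added example, not part of this module's code: it parses GnuPG's machine-readable colon listing and accepts a key only if it is the single, usable primary key matching the pin. The function names and the sample listing are constructed for illustration; the pinned fingerprint is the one used in the example playbook.

```python
# Added example (not the module's code): pin-check a key before import.
# The listing is what `gpg --show-keys --with-colons publickey.asc` prints on a
# recent GnuPG 2.x; the sample below is constructed so the check runs offline.
PINNED_FPR = "F33344CEF855F4FE4C2C55820E9D2E07D3D89BDD"  # from the example playbook

SAMPLE_LISTING = """\
pub:-:4096:1:0E9D2E07D3D89BDD:1500000000:::-:::scESC::::::23::0:
fpr:::::::::F33344CEF855F4FE4C2C55820E9D2E07D3D89BDD:
uid:-::::1500000000::0000000000000000000000000000000000000000::Example User <user@example.com>::::::::::0:
sub:-:4096:1:1111111111111111:1500000000::::::e::::::23:
fpr:::::::::1111111111111111111111111111111111111111:
"""

def parse_primary_keys(listing):
    """Return one dict (fpr, validity, uids) per primary key in a colon listing."""
    keys, expect_primary_fpr = [], False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sec"):            # start of a new primary key
            keys.append({"fpr": None, "validity": f[1], "uids": []})
            expect_primary_fpr = True
        elif f[0] in ("sub", "ssb"):          # fpr records after this belong to a subkey
            expect_primary_fpr = False
        elif f[0] == "fpr" and expect_primary_fpr and len(f) > 9:
            keys[-1]["fpr"] = f[9].upper()    # field 10 holds the fingerprint
            expect_primary_fpr = False
        elif f[0] == "uid" and keys and len(f) > 9:
            keys[-1]["uids"].append(f[9])     # field 10 holds the user ID
    return keys

def check_key(listing, pinned_fpr):
    """Return (ok, reason); accept only one usable primary key matching the pin."""
    keys = parse_primary_keys(listing)
    if len(keys) != 1:                        # a file may bundle several keys
        return False, "expected exactly one primary key, found %d" % len(keys)
    key = keys[0]
    if key["validity"] in ("r", "e", "i", "d"):   # revoked, expired, invalid, disabled
        return False, "key is not usable (validity %r)" % key["validity"]
    if key["fpr"] != pinned_fpr.replace(" ", "").upper():
        return False, "fingerprint mismatch: %s" % key["fpr"]
    return True, "fingerprint matches pin"

if __name__ == "__main__":
    print(check_key(SAMPLE_LISTING, PINNED_FPR))
```

Matching on the full fingerprint rather than an email address matters here, since anyone can create a key carrying any user ID.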
Options
Name | Default | Description |
---|---|---|
keybase_user | null | The username to fetch from Keybase. The module will automatically download the key from https://keybase.io/. key_id must also be defined. |
key_id | null | The ID of the key to import. Only for public keys. Either key_file or key_id is required. |
key_file | null | The filename of the key to import. Must be on the remote machine, not local. Either key_file or key_id is required. |
key_type | 'public' | The type of key to import. Only applicable for key_file. |
bin_path | /usr/bin/gpg | The location of the remote GPG binary. |
state | 'present' | The desired state: 'present', 'latest', or 'absent'. |
Some unusual behaviors can occur with insane keys, but that is a GPG issue.
Installation via Galaxy:
Run:
ansible-galaxy install compscidr.gpg
Installation via Galaxy / Requirements
Add this to requirements.yml:
```yaml
roles:
  - name: compscidr.gpg
```
Then run:
ansible-galaxy install -r requirements.yml
Installation via Git / Requirements
Add this to your requirements.yml file:
```yaml
# From GitHub
- src: https://github.com/compscidr/ansible-gpg
  name: compscidr.gpg
```
Then run:
ansible-galaxy install -r requirements.yml
Example Playbook
```yaml
---
- name: GPG Module Examples
  hosts: vagrant
  gather_facts: false
  roles:
    - role: compscidr.gpg
  tasks:
    - name: Import GPG key from Keybase
      gpg:
        keybase_user: brandonkal
        state: present
        key_id: F33344CEF855F4FE4C2C55820E9D2E07D3D89BDD
        # Key ID can be a fingerprint or email address
      tags:
        - keybase
    - name: Attempt to Import Fake Keybase Key | Fails
      gpg:
        keybase_user: jijd
        state: present
      tags:
        - fake
    - name: Copy GPG File
      copy:
        src: publickey.asc
        dest: publickey.asc
      tags:
        - file
    - name: Import Public GPG Key from File
      gpg:
        key_file: publickey.asc
      tags:
        - file
    - name: Import Private GPG Key from File
      gpg:
        key_file: privatekey.asc
        key_type: private
        state: latest
      tags:
        - private
    - name: Remove GPG Key
      gpg:
        keybase_user: gpgtools
        key_id: [email protected]
        state: absent
```