Using OpenSSL module without files

Dick_Visser · April 11, 2020, 7:24am

Hi

Our ansible deployments are using OpenSSL key materials that are stored as multiline values in yaml vars files.
I’d like to use openssl_certificate_info but that seems to require a path parameter:
https://docs.ansible.com/ansible/latest/modules/openssl_certificate_info_module.html

After inspection the majority of the openssl modules have this requirement.

I can’t think of a way to use the modules with variable based certificate materials, someone else maybe knows?

Also would this be a good feature request?
For instance a new ‘content’ parameter which contains the key material.

Thx

Dick

felixfontein · April 11, 2020, 8:07am

Hi Dick,

Our ansible deployments are using OpenSSL key materials that are
stored as multiline values in yaml vars files.
I'd like to use openssl_certificate_info but that seems to require a
path parameter:
https://docs.ansible.com/ansible/latest/modules/openssl_certificate_info_module.html

After inspection the majority of the openssl modules have this
requirement.

that's indeed true.

I can't think of a way to use the modules with variable based
certificate materials, someone else maybe knows?

There isn't one.

Also would this be a good feature request?

It is, and someone already requested this:
https://github.com/ansible/ansible/issues/63553

For instance a new 'content' parameter which contains the key
material.

That won't work that easily, unfortunately, as the modules are designed
to behave similarly to the `file` module. It would require a new set of
modules which are designed differently.

Fortunately, now that everything has been moved to collections
(https://github.com/ansible-collections/community.crypto/), this is
easier to do, since it is easier to move code to module_utils. My idea
would be to refactor the modules to move a lot of their core
functionality to module_utils, and then adding a new modules which can
work in-memory, re-use the core functionality from module_utils, and
thus do not require a large amount of code copy'n'paste. I have a
couple of other things I'll work on first, but this is something that
I'd like to do somewhen anyway.

Cheers,
Felix

Topic		Replies	Views
Is it possible to encrypt non-YAML data with Vault? Ansible Project	3	1	April 17, 2014
support passing new variables directly to the template module, but not only Ansible Project	9	0	January 22, 2015
OpenSSL (Private Keys, CSR, Certificates) management - Request for feedbacks Ansible Developer	1	1	July 14, 2016
how can I use ansible openssl_certificate module to gather facts about installed ssl certificates on application servers? Ansible Project	0	6	March 8, 2019
Writing Modules without AnsibleModule Ansible Developer	2	1	January 20, 2016

Using OpenSSL module without files

Related topics