Documentation

latest
latest v2.19 v2.18 v2.17 v2.16 v2.15 v2.14 v2.12 v2.11 v2.10 v2.9 v2.8 v2.7 v2.6 v2.5 v2.4 v2.3 v2.2 v2.1 v2.0 v1.10 v1.9 v1.8 v1.7 v1.6 v1.5 v1.4 v1.3 v1.2 v1.1 v1.0
    Edit on GitHub

    PLEASE NOTE: This document applies to latest version and not to the latest stable release v2.19

    Documentation for other releases can be found by using the version selector in the top right of any doc page.

    java_keystore

    Manage Java keystores for SSL/TLS certificate management.

    Attributes

    check_mode:
  support: full

    Parameters

    Parameter Required Type Values Description
    alias   string   Alias for the certificate in the keystore.
    cacert_chain   array   List of CA certificate chain files (PEM format).
    certificate   string   Path to the certificate file (PEM format).
    force   boolean   Force overwrite existing entry with same alias.
    password true string   Password for the keystore.
    path true string   Path to the keystore file.
    pkcs12_password   string   Password for the PKCS12 file.
    pkcs12_path   string   Path to a PKCS12 file to import.
    private_key   string   Path to the private key file (PEM format).
    state   string present
    absent    		 Whether the entry should be present or absent. [default: "present"]

    Examples

    - name: Import certificate into keystore
  java_keystore:
    path: /etc/ssl/keystore.jks
    password: secret
    certificate: /etc/ssl/cert.pem
    private_key: /etc/ssl/key.pem
    alias: myapp

- name: Import certificate with CA chain
  java_keystore:
    path: /etc/ssl/keystore.jks
    password: secret
    certificate: /etc/ssl/cert.pem
    private_key: /etc/ssl/key.pem
    alias: myapp
    cacert_chain:
      - /etc/ssl/ca-intermediate.pem
      - /etc/ssl/ca-root.pem

- name: Import PKCS12 file into keystore
  java_keystore:
    path: /etc/ssl/keystore.jks
    password: secret
    pkcs12_path: /etc/ssl/bundle.p12
    pkcs12_password: pkcs12secret
    alias: myapp

- name: Remove certificate from keystore
  java_keystore:
    path: /etc/ssl/keystore.jks
    password: secret
    alias: oldcert
    state: absent

- name: Create empty keystore
  java_keystore:
    path: /etc/ssl/keystore.jks
    password: secret
    state: present

- name: Import certificate with force overwrite
  java_keystore:
    path: /etc/ssl/keystore.jks
    password: secret
    certificate: /etc/ssl/newcert.pem
    private_key: /etc/ssl/newkey.pem
    alias: myapp
    force: true