Skip to content

Latest commit

 

History

History
147 lines (104 loc) · 9.09 KB

README.md

File metadata and controls

147 lines (104 loc) · 9.09 KB

Ansible Community Crypto Collection

Build Status EOL CI Codecov

Provides modules for Ansible for various cryptographic operations.

You can find documentation for this collection on the Ansible docs site.

Please note that this collection does not support Windows targets.

Tested with Ansible

Tested with the current Ansible 2.9, ansible-base 2.10, ansible-core 2.11, ansible-core 2.12, ansible-core 2.13, ansible-core 2.14, ansible-core 2.15, ansible-core 2.16, and ansible-core-2.17 releases and the current development version of ansible-core. Ansible versions before 2.9.10 are not supported.

External requirements

The exact requirements for every module are listed in the module documentation.

Most modules require a recent enough version of the Python cryptography library. See the module documentations for the minimal version supported for each module.

Collection Documentation

Browsing the latest collection documentation will show docs for the latest version released in the Ansible package, not the latest version of the collection released on Galaxy.

Browsing the devel collection documentation shows docs for the latest version released on Galaxy.

We also separately publish latest commit collection documentation which shows docs for the latest commit in the main branch.

If you use the Ansible package and do not update collections independently, use latest. If you install or update this collection directly from Galaxy, use devel. If you are looking to contribute, use latest commit.

Included content

  • OpenSSL / PKI modules and plugins:
    • certificate_complete_chain module
    • openssl_csr_info module and filter
    • openssl_csr_pipe module
    • openssl_csr module
    • openssl_dhparam module
    • openssl_pkcs12 module
    • openssl_privatekey_convert module
    • openssl_privatekey_info module and filter
    • openssl_privatekey_pipe module
    • openssl_privatekey module
    • openssl_publickey_info module and filter
    • openssl_publickey module
    • openssl_signature_info module
    • openssl_signature module
    • split_pem filter
    • x509_certificate_convert module
    • x509_certificate_info module and filter
    • x509_certificate_pipe module
    • x509_certificate module
    • x509_crl_info module and filter
    • x509_crl module
  • OpenSSH modules and plugins:
    • openssh_cert module
    • openssh_keypair module
  • ACME modules and plugins:
    • acme_account_info module
    • acme_account module
    • acme_ari_info module
    • acme_certificate module
    • acme_certificate_deactivate_authz module
    • acme_certificate_revoke module
    • acme_challenge_cert_helper module
    • acme_inspect module
  • ECS modules and plugins:
    • ecs_certificate module
    • ecs_domain module
  • GnuPG modules and plugins:
    • gpg_fingerprint lookup and filter
  • Miscellaneous modules and plugins:
    • crypto_info module
    • get_certificate module
    • luks_device module
    • parse_serial and to_serial filters

You can also find a list of all modules and plugins with documentation on the Ansible docs site, or the latest commit collection documentation.

Using this collection

Before using the crypto community collection, you need to install the collection with the ansible-galaxy CLI:

ansible-galaxy collection install community.crypto

You can also include it in a requirements.yml file and install it via ansible-galaxy collection install -r requirements.yml using the format:

collections:
- name: community.crypto

See Ansible Using collections for more details.

Contributing to this collection

We're following the general Ansible contributor guidelines; see Ansible Community Guide.

If you want to clone this repositority (or a fork of it) to improve it, you can proceed as follows:

  1. Create a directory ansible_collections/community;
  2. In there, checkout this repository (or a fork) as crypto;
  3. Add the directory containing ansible_collections to your ANSIBLE_COLLECTIONS_PATH.

See Ansible's dev guide for more information.

Release notes

See the changelog.

Roadmap

We plan to regularly release minor and patch versions, whenever new features are added or bugs fixed. Our collection follows semantic versioning, so breaking changes will only happen in major releases.

Most modules will drop PyOpenSSL support in version 2.0.0 of the collection, i.e. in the next major version. We currently plan to release 2.0.0 somewhen during 2021. Around then, the supported versions of the most common distributions will contain a new enough version of cryptography.

Once 2.0.0 has been released, bugfixes will still be backported to 1.0.0 for some time, and some features might also be backported. If we do not want to backport something ourselves because we think it is not worth the effort, backport PRs by non-maintainers are usually accepted.

In 2.0.0, the following notable features will be removed:

  • PyOpenSSL backends of all modules, except openssl_pkcs12 which does not have a cryptography backend due to lack of support of PKCS#12 functionality in cryptography.
  • The assertonly provider of x509_certificate will be removed.

More information

Licensing

This collection is primarily licensed and distributed as a whole under the GNU General Public License v3.0 or later.

See LICENSES/GPL-3.0-or-later.txt for the full text.

Parts of the collection are licensed under the Apache 2.0 license (plugins/module_utils/crypto/_obj2txt.py and plugins/module_utils/crypto/_objects_data.py), the BSD 2-Clause license (plugins/module_utils/ecs/api.py), the BSD 3-Clause license (plugins/module_utils/crypto/_obj2txt.py, tests/integration/targets/prepare_jinja2_compat/filter_plugins/jinja_compatibility.py), and the PSF 2.0 license (plugins/module_utils/_version.py). This only applies to vendored files in plugins/module_utils/ and to the ECS module utils.

Almost all files have a machine readable SDPX-License-Identifier: comment denoting its respective license(s) or an equivalent entry in an accompanying .license file. Only changelog fragments (which will not be part of a release) are covered by a blanket statement in .reuse/dep5. Right now a few vendored PEM files do not have licensing information as well. This conforms to the REUSE specification up to the aforementioned PEM files.