Add passphrase to client certificate (#21)

* Add passphrase to client certificate * Add cipher to key creation fixes #13
NETWAYS · Aug 16, 2021 · 5415b81 · 5415b81
1 parent 94796f5
commit 5415b81
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -30,6 +30,7 @@ Some files are copied to the host you're running Ansible on.
 * `ca_email`: E-Mail address for certificates (default: `root@{{ ansible_fqdn }}`)
 * `ca_altname_1`: First alt name (default: `{{ ansible_fqdn }}`)
 * `ca_ca_keylength`: CA keylength (default: `2048`)
+* `ca_keypassphrase`: Password for the client key (default: `ChangeMeAgain`)
 
 ## Example Playbook ##
 
@@ -43,7 +44,7 @@ GPLv3+
 Author Information
 ------------------
 
-This role was created in 2021 by Thomas Widhal <[email protected]>
+This role was created in 2021 by Thomas Widhalm <[email protected]>
 
 Some code used from:
 

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -17,3 +17,5 @@ ca_common_name: "{{ ansible_hostname }}"
 ca_email: "root@{{ ansible_fqdn }}"
 ca_altname_1: "{{ ansible_fqdn }}"
 ca_ca_keylength: 2048
+
+ca_keypassphrase: ChangeMeAgain
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -27,11 +27,14 @@
 - name: Create key
   openssl_privatekey:
     path: "{{ ca_ca_dir }}/{{ ansible_hostname }}.key"
+    passphrase: "{{ ca_keypassphrase }}"
+    cipher: auto
 
 - name: Create CSR
   openssl_csr:
     path: "{{ ca_ca_dir }}/{{ ansible_hostname }}.csr"
     privatekey_path: "{{ ca_ca_dir }}/{{ ansible_hostname }}.key"
+    privatekey_passphrase: "{{ ca_keypassphrase }}"
     country_name: "{{ ca_country }}"
     organization_name: "{{ ca_organization }}"
     common_name: "{{ ansible_hostname }}"