effectivelywild.technitium_dns.technitium_dns_add_private_key module – Add DNSSEC private key to a zone
Note
This module is part of the effectivelywild.technitium_dns collection (version 0.4.0).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install effectivelywild.technitium_dns.
To use it in a playbook, specify: effectivelywild.technitium_dns.technitium_dns_add_private_key.
New in effectivelywild.technitium_dns 0.3.0
Synopsis
Adds a private key to be used for signing a zone with DNSSEC.
The zone must already be signed with DNSSEC.
Supports RSA, ECDSA, and EDDSA algorithms with appropriate parameters.
This module is not idempotent; it will add a new key each time it is run, limited by API constraints.
Parameters
Parameter | Comments |
---|---|
algorithm | The algorithm to be used for signing. Choices: |
 | Port for the Technitium DNS API. Defaults to 5380. |
api_token | API token for authentication. |
api_url | Base URL for the Technitium DNS API. |
curve | The name of the curve to be used when using the ECDSA or EDDSA algorithm. For the ECDSA algorithm, valid values are P256, P384. For the EDDSA algorithm, valid values are ED25519, ED448. This parameter is required when using the ECDSA or EDDSA algorithm. Choices: |
hash_algorithm | The hash algorithm to be used when using the RSA algorithm. This parameter is required when using the RSA algorithm. Choices: |
key_size | The size of the generated private key in bits to be used when using the RSA algorithm. This parameter is required when using the RSA algorithm. Common values are 2048, 3072, 4096. |
key_type | The type of key for which the private key is to be generated. Choices: |
pem_private_key | Specifies a user-generated private key in PEM format to add. When not specified, a private key will be automatically generated. Must match the specified algorithm and curve/key_size parameters. |
rollover_days | The frequency in days at which the DNS server must automatically roll over the private key. Valid range is 0-365 days, where 0 disables rollover. Default value is 90 days for Zone Signing Key (ZSK) and 0 days for Key Signing Key (KSK). |
 | Whether to validate SSL certificates when making API requests. Choices: |
zone | The name of the primary zone to add the private key to. |
See Also
- effectivelywild.technitium_dns.technitium_dns_sign_zone
  Sign a zone with DNSSEC
- effectivelywild.technitium_dns.technitium_dns_get_dnssec_properties
  Get DNSSEC properties for a zone
Examples
- name: Add RSA Key Signing Key with SHA256
  technitium_dns_add_private_key:
    api_url: "http://localhost"
    api_token: "myapitoken"
    zone: "example.com"
    key_type: "KeySigningKey"
    algorithm: "RSA"
    hash_algorithm: "SHA256"
    key_size: 2048

- name: Add ECDSA Zone Signing Key with P256 curve
  technitium_dns_add_private_key:
    api_url: "http://localhost"
    api_token: "myapitoken"
    zone: "example.com"
    key_type: "ZoneSigningKey"
    algorithm: "ECDSA"
    curve: "P256"
    rollover_days: 30

- name: Add EDDSA Key Signing Key with ED25519 curve
  technitium_dns_add_private_key:
    api_url: "http://localhost"
    api_token: "myapitoken"
    zone: "example.com"
    key_type: "KeySigningKey"
    algorithm: "EDDSA"
    curve: "ED25519"

- name: Add user-provided RSA private key
  technitium_dns_add_private_key:
    api_url: "http://localhost"
    api_token: "myapitoken"
    zone: "example.com"
    key_type: "KeySigningKey"
    algorithm: "RSA"
    hash_algorithm: "SHA256"
    key_size: 2048
    pem_private_key: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIEpAIBAAKCAQEA...
      -----END RSA PRIVATE KEY-----

- name: Add Zone Signing Key with automatic rollover
  technitium_dns_add_private_key:
    api_url: "http://localhost"
    api_token: "myapitoken"
    zone: "example.com"
    key_type: "ZoneSigningKey"
    algorithm: "ECDSA"
    curve: "P384"
    rollover_days: 90
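
The play below is an added example, not part of the collection's own documentation. It shows one way to call the module so that the API token and a user-provided PEM key stay out of the playbook and out of task output, to check the documented argument constraints first, and to keep the non-idempotent task from adding a key on every run. The variable names (technitium_api_url, vault_technitium_api_token, vault_ksk_pem, add_dnssec_key and the dnssec_* values) are hypothetical, and the vault_* variables are assumed to be defined in an Ansible Vault-encrypted vars file.

```yaml
- name: Add a user-provided KSK without secrets in the playbook
  hosts: localhost
  gather_facts: false
  vars:
    # Hypothetical variable names. technitium_api_url and the vault_*
    # values are assumed to come from inventory and an Ansible
    # Vault-encrypted vars file, never from this play.
    dnssec_zone: "example.com"
    dnssec_algorithm: "ECDSA"
    dnssec_curve: "P384"
    dnssec_rollover_days: 0   # documented KSK default: rollover disabled
    # Curve values the parameter table lists for each algorithm.
    valid_curves:
      ECDSA: ["P256", "P384"]
      EDDSA: ["ED25519", "ED448"]
  tasks:
    - name: Check arguments against the documented constraints
      ansible.builtin.assert:
        that:
          - dnssec_algorithm in valid_curves
          - dnssec_curve in valid_curves[dnssec_algorithm]
          - dnssec_rollover_days | int >= 0
          - dnssec_rollover_days | int <= 365
          - vault_technitium_api_token is defined
          - vault_ksk_pem is defined
        fail_msg: "DNSSEC key arguments do not match the module documentation"
        quiet: true

    # The module is not idempotent, so the task is skipped unless the
    # operator opts in for this run: -e add_dnssec_key=true
    - name: Add the Key Signing Key
      effectivelywild.technitium_dns.technitium_dns_add_private_key:
        api_url: "{{ technitium_api_url }}"
        api_token: "{{ vault_technitium_api_token }}"
        zone: "{{ dnssec_zone }}"
        key_type: "KeySigningKey"
        algorithm: "{{ dnssec_algorithm }}"
        curve: "{{ dnssec_curve }}"
        pem_private_key: "{{ vault_ksk_pem }}"
        rollover_days: "{{ dnssec_rollover_days }}"
      no_log: true   # keeps the token and PEM out of task output and logs
      when: add_dnssec_key | default(false) | bool
```

The assert covers only the curve and rollover constraints stated in the parameter table; it does not inspect the PEM itself, so the key must still match the chosen algorithm and curve.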
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Description |
---|---|
 | Full API response from Technitium DNS server. Returned: always. Sample: |
 | Whether the module made changes. Returned: always. Sample: |
 | Whether the module failed. Returned: always. Sample: |
 | Human readable message describing the result. Returned: always. Sample: |