Hi, > With the pyOpenSSL back end of the openssl_privatekey module > deprecated in Ansible 2.9, a colleague started looking at the > cryptography back end. According to the documentation: > > openssl_privatekey – Generate OpenSSL private keys > [https://docs.ansible.com/ansible/latest/modules/openssl_privatekey_module.html] > > ...the "cipher" parameter must be set to "auto" when using the > cryptography back end. There does not seem to be a way, using the > cryptography back end, to specify the cipher used to encrypt the > private key. > > Does anybody know why? I don't see that as a feature request: > > [https://github.com/ansible/ansible/issues?q=is%3Aissue+is%3Aopen+openssl_privatekey] > > ...so should I file one? Thanks!
the reason is that cryptography (https://cryptography.io/en/latest/) only supports two states: unencrypted, and encrypted with its own choice of algorithm ("best available algorithm"): https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization/#serialization-encryption-types Cheers, Felix -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/20200602214730.09f504fc%40rovaniemi.
