Allow defining mode and ownership for CA private keys

By default, the private key mode is 0600. However, in cases when the pki dir
is stored in git, the file mode is not preserved there. At the same
time, changing the mode of a private key will trigger CA cert re-generation,
which may lead to unexpected side effects.

Change-Id: I4a90479261b2721c08e9034fbae0d56de9308676
Dmitriy Rabotyagov 2022-12-14 11:27:28 +01:00
parent 422e31e1c2
commit 7b261e2119

@ -59,6 +59,9 @@
passphrase: "{{ ca.key_passphrase | default(omit) }}"
cipher: "{{ ('key_passphrase' in ca and ca.key_passphrase) | ternary('auto', omit) }}"
backup: "{{ ca.backup | default(True) }}"
mode: "{{ ca.key_mode | default('0600') }}"
owner: "{{ ca.key_owner | default('root') }}"
group: "{{ ca.key_group | default('root') }}"
register: ca_privkey
- name: Read the serial number for {{ ca.name }}
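
Review bot: the added `owner` and `group` lines default to 'root', which changes behaviour for anyone who does not set `ca.key_owner` or `ca.key_group`. Going by the 6-to-9 line count in the hunk header, the task passed no owner or group before, so the key kept the ownership of whoever ran the task; forcing root may now fail when the task runs without privilege escalation. Consider `default(omit)` for both, as the `passphrase` line above already does, so existing deployments are unaffected. Separately, `ca.key_mode` is applied without any check, so a group- or world-readable mode can end up on a CA private key. The new `key_mode`, `key_owner` and `key_group` keys should be documented in the role defaults, with a note that anything looser than 0600 exposes the CA key to other local users.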