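---
# Generates the RSA key pair used for JWT signing and verification inside
# "{{ jwt_key_folder }}". `become` is set on the block, so every task below
# runs with privilege escalation.
- block:
    - name: Create folder for jwt-keys
      # NOTE(review): no explicit mode is set, so a newly created directory
      # takes its permissions from the remote umask. Confirm which accounts
      # must read the keys and pin a mode accordingly.
      file:
        path: "{{ jwt_key_folder }}"
        state: directory
        owner: "{{ opdk_user_name }}"
        group: "{{ opdk_group_name }}"

    - name: Generate a passphrase
      command: "openssl rand -base64 48"
      args:
        chdir: "{{ jwt_key_folder }}"
      register: passphrase
      # Keep the generated secret out of Ansible output and logs.
      no_log: true

    - name: Create Signing Key
      # No shell features are used, so `command` avoids shell interpretation
      # of the templated values.
      # NOTE(review): genrsa is called without a cipher option (for example
      # -aes256); in that case OpenSSL writes the key unencrypted and
      # -passout has no effect. Confirm whether the passphrase steps are
      # still needed.
      command: >-
        openssl genrsa
        -passout pass:{{ passphrase.stdout }}
        -out {{ jwt_private_key }}
        {{ jwt_key_size }}
      args:
        chdir: "{{ jwt_key_folder }}"
      # The rendered command line contains the passphrase. no_log only keeps
      # it out of Ansible output; it is still visible in the remote process
      # list while openssl runs.
      no_log: true

    - name: Prep to remove passphrase from Key
      copy:
        dest: "{{ jwt_key_folder }}/remove-passphrase-{{ jwt_private_key }}"
        src: "{{ jwt_key_folder }}/{{ jwt_private_key }}"
        remote_src: true
        # Temporary copy of private key material: restrict it to the owner
        # for the short time it exists.
        mode: "0600"

    - name: Remove the passphrase from the key
      command: >-
        openssl rsa
        -in remove-passphrase-{{ jwt_private_key }}
        -passin pass:{{ passphrase.stdout }}
        -out {{ jwt_private_key }}
      args:
        chdir: "{{ jwt_key_folder }}"
      # Same reason as above: the passphrase is part of the command line.
      no_log: true

    - name: Clean up passphrase removal file
      # NOTE(review): if an earlier task fails, this temporary copy of the
      # private key is left behind; consider moving the cleanup into an
      # `always:` section.
      file:
        path: "{{ jwt_key_folder }}/remove-passphrase-{{ jwt_private_key }}"
        state: absent

    - name: Generate Verification Key
      # Derives the public key from the private key written above.
      command: >-
        openssl rsa -pubout
        -in {{ jwt_private_key }}
        -out {{ jwt_public_key }}
      args:
        chdir: "{{ jwt_key_folder }}"
  become: true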