Closed avalor1 closed 1 month ago
LGTM!
However, this would be a breaking change, right? Existing keys will be recreated.
As per docs from community.crypto.openssl_privatekey:
By default, the key will be regenerated when it does not match the module's options, except when the key cannot be read or the passphrase does not match.
Is this something that will be merged soon? Or, if we need it, should we just cherry-pick it?
Hi @darkspadez, I will resolve conflicts and merge this PR today or in the next days. Sorry for the wait.
Defaults for key size and curve are oriented on recommendations from https://docs.ansible.com/ansible/latest/collections/community/crypto/openssl_privatekey_module.html#parameter-curve and https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8.
If a type is used which does not use curves, the openssl module seems to ignore the value, and thus it does not affect the creation of other key types. I tested it with RSA.