Skip to content

cisagov/ansible-role-dhs-certificates

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,160 Commits
.config/molecule
.config/molecule
 
 
.github
.github
 
 
defaults
defaults
 
 
handlers
handlers
 
 
meta
meta
 
 
molecule/default
molecule/default
 
 
tasks
tasks
 
 
vars
vars
 
 
.ansible-lint
.ansible-lint
 
 
.bandit.yml
.bandit.yml
 
 
.flake8
.flake8
 
 
.gitignore
.gitignore
 
 
.isort.cfg
.isort.cfg
 
 
.mdl_config.yaml
.mdl_config.yaml
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.prettierignore
.prettierignore
 
 
.yamllint
.yamllint
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
bump-version
bump-version
 
 
requirements-dev.txt
requirements-dev.txt
 
 
requirements-test.txt
requirements-test.txt
 
 
requirements.txt
requirements.txt
 
 
setup-env
setup-env
 
 
update_molecule_images.sh
update_molecule_images.sh
 
 
version.txt
version.txt
 
 

Repository files navigation

ansible-role-dhs-certificates

GitHub Build Status CodeQL

This is an Ansible role for configuring trust of DHS CA certificates at the OS level.

Requirements

This role makes use of the community.general.json_query Ansible filter, which requires that the jmespath Python package be installed on the local host.

Role Variables

Variable Description Default Required
cer_filename The filename to use for the DHS certificate cer bundle (translated from the p7b bundle). dhsca.cer No
cert_url The URL where the DHS certificate p7b bundle can be downloaded. https://pki.treas.gov/dhsca_fullpath.p7b No
p7b_filename The filename to use for the DHS certificate p7b bundle after it is downloaded from cert\_url. dhsca.p7b No
single_cert_filename_prefix The prefix to use when creating the individual certificate files extracted from the DHS certificate p7b bundle. If the prefix is "zz-" then individual certificate files will be named "zz-00", "zz-01", etc. dhs-cert- No

Dependencies

None.

Installation

This role can be installed via the command:

ansible-galaxy install --role-file path/to/requirements.yml

where requirements.yml looks like:

---
- name: dhs_certificates
  src: https://github.com/cisagov/ansible-role-dhs-certificates

and may contain other roles as well.

For more information about installing Ansible roles via a YAML file, please see the ansible-galaxy documentation.

Example Playbook

Here's how to use it in a playbook:

- hosts: all
  become: true
  become_method: sudo
  tasks:
    - name: Install and trust DHS certificates
      ansible.builtin.include_role:
        name: dhs_certificates

Contributing

We welcome contributions! Please see CONTRIBUTING.md for details.

License

This project is in the worldwide public domain.

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.

Author Information

Shane Frasier - [email protected]

About

An Ansible role for installing and trusting the DHS non-public CAs

Resources

Readme

License

CC0-1.0 license

Security policy

Security policy
Activity
Custom properties

Stars

4 stars

Watchers

4 watching

Forks

3 forks
Report repository

Releases 2

v2.0.0 Latest
Jun 13, 2025
+ 1 release

Packages

No packages published

Contributors 11

Languages