If you are not familiar with modules, check out Ansible - Getting Started with Modules.
The openssh_cert module can be used to create a public certificate (such as new_cert.pub) from an existing public key (such as id_rsa.pub) and an existing private key (such as id_rsa). If you do not yet have a key pair, the openssh_keypair module can be used to create the public key (such as id_rsa.pub) and private key (such as id_rsa). After generating a new certificate, you may want to use the authorized_key module to append the certificate to authorized_keys files.
- name: Create the new_cert.pub public certificate
  openssh_cert:
    type: user
    signing_key: /home/john.doe/.ssh/id_rsa
    public_key: /home/john.doe/.ssh/id_rsa.pub
    path: /home/john.doe/.ssh/new_cert.pub
    valid_from: always
    valid_to: forever

- name: "Create the new_cert.pub public certificate"
  openssh_cert:
    force: "no"
    owner: "john.doe"
    group: "john.doe"
    mode: "0644"
    path: "/home/john.doe/.ssh/new_cert.pub"
    public_key: "/home/john.doe/.ssh/id_rsa.pub"
    seuser: "unconfined_u"
    serole: "object_r"
    setype: "httpd_sys_content_r"
    selevel: "s"
    signing_key: "/home/john.doe/.ssh/id_rsa"
    state: "present"
    type: "user"
    valid_from: always
    valid_to: forever
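
An added example, not from the original page: openssh_keypair and openssh_cert chained, with the certificate bound to one principal and an eight-hour validity window instead of always/forever. The identifier, principal and time values are assumptions chosen for illustration; the paths are the ones used above.

```yaml
# Added example: identifier, principal and validity window are illustrative assumptions.
- name: Create the id_rsa key pair when it is missing
  openssh_keypair:
    path: /home/john.doe/.ssh/id_rsa
    type: rsa
    owner: john.doe
    group: john.doe
    mode: "0600"                 # private key readable by its owner only

- name: Create a short-lived user certificate limited to one principal
  openssh_cert:
    type: user
    signing_key: /home/john.doe/.ssh/id_rsa
    public_key: /home/john.doe/.ssh/id_rsa.pub
    path: /home/john.doe/.ssh/new_cert.pub
    identifier: john.doe-example # assumed key ID, recorded inside the certificate
    principals:                  # the certificate only applies to these login names
      - john.doe
    valid_from: "+0s"            # relative to the time of the run
    valid_to: "+8h"              # expires eight hours later
    valid_at: "+1h"              # regenerate if the certificate is not valid an hour from now
  register: cert_result

- name: Show the certificate details reported by the module
  debug:
    var: cert_result.info        # ssh-keygen -L style listing: type, key ID, validity, principals
```

Check the debug output for the Valid and Principals lines before distributing the certificate; a certificate issued with always/forever and no principals stays usable until the signing key itself is no longer trusted.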