If you are not familiar with modules, check out Ansible - Getting Started with Modules.
The user module can be used to create a public certificate (such as id_rsa.pub) and private key (such as id_rsa). Likewise, the openssh_keypair module can be used as well. Or, the openssh_cert module can be used to create a public certificate (such as id_rsa.pub) using an existing private key (such as id_rsa). After generating a new keypair, you may want to use the authorized_key module to append the certificate to authorized_keys files.
In this example, John Doe's id_rsa (private key) and id_rsa.pub (public certificate) files will be created. If id_rsa.pub already exists, it will not be overwritten. This is typically used for passwordless SSH connections using a public private key pair (see Ansible - Getting Started with SSH).
- name: create /home/john.doe/.ssh/id_rsa (private key) and /home/john.doe/.ssh/id_rsa.pub (public certificate) user: name: john.doe generate_ssh_key: yes ssh_key_type: rsa ssh_key_bits: 2048 ssh_key_file: /home/john.doe/.ssh/id_rsa ssh_key_comment: hello world