terraform-provider-tls

Allow specifying OpenSSH Private Key Comment

Open MOZGIII opened this issue 2 years ago • 6 comments

Terraform CLI and Provider Versions

master

Use Cases or Problem Statement

openssh.MarshalPrivateKey is always called with a "" comment. We actually need to be able to configure it.

Here it is:

https://github.com/hashicorp/terraform-provider-tls/blob/9781d20b56443ebeaf985f2c9300fa1dd5ea94f1/internal/provider/resource_private_key.go#L226

Proposal

Add an input variable and make it configurable. A good name would be openssh_comment. It can be optional, and default to an empty string for backward compatibility.

How much impact is this issue causing?

High

Additional Information

Having a comment in the private key specifically is required for us unfortunately, and without this we can't use this provider.

We need it to make the right comment appear when the key is added to the ssh-agent, because we need to be able to tell what key is loaded.

Code of Conduct

  • [X] I agree to follow this project's Code of Conduct

MOZGIII, Jun 28 '22 21:06

This would be really useful to generate many deploy keys for use with https://github.com/webfactory/ssh-agent#support-for-github-deploy-keys

DevNico, Aug 31 '22 11:08

Yep, this is what I'm using it for actually :D

MOZGIII, Aug 31 '22 11:08

This would be a very useful option, as explained above.

KoenR3, Jan 04 '23 17:01

Any news?

SharpEdgeMarshall, Jul 20 '23 15:07

Bump! Hopefully the PR can be checked soon.

aalvarezaph, Jan 30 '24 11:01

So far, I'm using an ugly workaround:

locals {
  # Key name => comment to embed in that key (here, the repository it deploys)
  deploy_keys_map = {
    "module-1" = "[email protected]:veerendra2/module-1.git",
    "module-2" = "[email protected]:veerendra2/module-2.git"
  }
}

resource "tls_private_key" "this" {
  for_each  = local.deploy_keys_map
  algorithm = "RSA"
  rsa_bits  = 2048
}

resource "terraform_data" "this" {
  for_each = local.deploy_keys_map

  # Write the key to disk, then let ssh-keygen rewrite its comment in place
  provisioner "local-exec" {
    command = "echo '${tls_private_key.this[each.key].private_key_openssh}' > ${each.key}.txt && chmod 600 ${each.key}.txt && ssh-keygen -c -C '${each.value}' -f ${each.key}.txt"
  }
}

data "local_file" "this" {
  for_each = local.deploy_keys_map

  filename = "${path.module}/${each.key}.txt"

  # Read the file only after the provisioner has written it
  depends_on = [terraform_data.this]
}

veerendra2, May 23 '24 10:05
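
The comment this issue asks about is stored inside the private section of the key file, which is why it has to be set when the key is marshalled or rewritten afterwards as in the workaround above. The following is an added example, not code from this thread or from the provider: a standard-library Python reader for the openssh-key-v1 layout that returns the comment an unencrypted key file carries, generalized to ed25519, RSA and nistp256 keys. The function names are hypothetical, and `build_sample` constructs a key file with dummy bytes in place of real key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
# Length-prefixed private fields that precede the comment, per key type.
FIELDS_BEFORE_COMMENT = {"ssh-ed25519": 2, "ssh-rsa": 6, "ecdsa-sha2-nistp256": 3}

def _read(buf, off):
    """Read one SSH wire string (uint32 length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:off + 4 + n], off + 4 + n

def _s(b):
    return struct.pack(">I", len(b)) + b

def openssh_key_comment(pem_text):
    """Return the comment embedded in an unencrypted OpenSSH private key."""
    lines = [l for l in pem_text.strip().splitlines() if not l.startswith("-----")]
    blob = base64.b64decode("".join(lines))
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 file")
    cipher, off = _read(blob, len(MAGIC))
    for _ in range(2):                      # kdfname, kdfoptions
        _, off = _read(blob, off)
    if cipher != b"none":
        raise ValueError("passphrase-protected: the comment is encrypted too")
    _, off = _read(blob, off + 4)           # skip key count, then public key blob
    priv, _ = _read(blob, off)
    check1, check2 = struct.unpack_from(">II", priv, 0)
    if check1 != check2:
        raise ValueError("check integers differ")
    keytype, pos = _read(priv, 8)
    for _ in range(FIELDS_BEFORE_COMMENT[keytype.decode()]):
        _, pos = _read(priv, pos)
    comment, _ = _read(priv, pos)
    return comment.decode()

def build_sample(comment):
    """Constructed sample: valid layout, dummy bytes instead of real key material."""
    pub, sec = b"\x01" * 32, b"\x02" * 64
    priv = struct.pack(">II", 7, 7) + _s(b"ssh-ed25519") + _s(pub) + _s(sec) + _s(comment.encode())
    priv += bytes(range(1, 9))[: -len(priv) % 8]    # pad 1,2,3... to a multiple of 8
    blob = (MAGIC + _s(b"none") + _s(b"none") + _s(b"") + struct.pack(">I", 1)
            + _s(_s(b"ssh-ed25519") + _s(pub)) + _s(priv))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"
```

Calling `openssh_key_comment(open(path).read())` on a generated key file shows the label the key will carry before it is handed to a deploy pipeline.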