terraform-provider-docker

Support for SSH Private Key (not a file)

Open designermonkey opened this issue 3 years ago • 4 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Sometimes we don't have an ssh private key on a disk that we can use as an SSH option. This is the case when using Hashicorp's TLS provider for example.

Would it be possible to add the option for private key contents to be passed in instead of a filepath?

The Remote File provider gives us this functionality, so it's definitely possible.

Potential Terraform Configuration

provider "docker" {
  host     = "ssh://user@remote-host:22"
  ssh_opts = ["-o", "StrictHostKeyChecking=no", "-o", "UserKnownHostsFile=/dev/null"]
  ssh_private_key = "<ssh private key>"
}

References

  • https://registry.terraform.io/providers/tenstad/remotefile/latest/docs/resources/file

designermonkey, Sep 08 '22 15:09

First I thought: Couldn't you use https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file to create the file and then reference the file path in the provider?

But then I remembered that you cannot reference resources from other providers in a provider configuration...

Junkern, Sep 22 '22 16:09

I tried what you suggested and for ages I couldn't figure out why it didn't work, so thanks for explaining that bit!

designermonkey, Sep 23 '22 08:09

Our situation is that we want to generate unique ssh keys for each node we spin up with terraform. I can leave the keys in the terraform state and reference them or put them into an S3 bucket for example, but I can't put them onto the filesystem anywhere as it too is ethereal and is created just for the terraform run.

We use terragrunt with terraform all inside docker containers that are created for a run then destroyed after use, so even with running the key generation terraform config separate to the docker ssh terraform config, the key will be lost.

If I were a go programmer, I would try to help but alas I'm not, and we're pretty stuck right now.

designermonkey, Sep 29 '22 17:09

I am still unsure if this docker provider should solve this problem. First of all, apparently ssh doesn't even have a possibility to natively specify an ssh string: https://stackoverflow.com/questions/12041688/specify-private-key-in-ssh-as-string (even they suggest to temporarily place the content into a file). And second, I have not found any possibility inside the official docker code to specify/change the ssh private key content.

I know you said

but I can't put them onto the filesystem anywhere as it too is ethereal and is created just for the terraform run

however, that would instantly solve that problem.

Maybe you open an issue at the docker community and ask them how they are dealing with that kind of problem?

Junkern, Dec 28 '22 11:12
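
The temporary-file approach raised in the last comment, as an added example that is not part of the original thread or the provider's code: a POSIX shell helper that stages key material from stdin in a 0600 file, on tmpfs where available, and removes it afterwards. The function names, the `tf-ssh-key` prefix and `fetch_key` are assumptions, as is handing the printed path to ssh with `-i` through the provider's `ssh_opts`.

```shell
#!/bin/sh
# Added example: stage SSH key material that exists only as a string in a
# private temporary file, so ssh can be pointed at it with -i.

# stage_ssh_key: read key material on stdin, write it to a new file readable
# only by the current user, and print that file's path.
stage_ssh_key() {
    # Prefer a RAM-backed directory so the key is not written to disk.
    # Assumption: /dev/shm is a tmpfs mount, as on most Linux systems.
    if [ -d /dev/shm ] && [ -w /dev/shm ]; then
        _dir=/dev/shm
    else
        _dir=${TMPDIR:-/tmp}
    fi
    # mktemp picks an unpredictable name and creates the file itself;
    # umask 077 guarantees no group/other permission bits.
    _key_file=$(umask 077; mktemp "$_dir/tf-ssh-key.XXXXXX") || return 1
    # Writing into the existing file keeps its 0600 mode.
    cat > "$_key_file" || { rm -f -- "$_key_file"; return 1; }
    # Refuse empty input instead of handing ssh an empty identity file.
    if [ ! -s "$_key_file" ]; then
        rm -f -- "$_key_file"
        return 1
    fi
    # Shell command substitution strips trailing newlines; restore one so
    # the key's final line is complete.
    if [ "$(tail -c 1 "$_key_file" | wc -l | tr -d ' ')" = "0" ]; then
        echo >> "$_key_file"
    fi
    printf '%s\n' "$_key_file"
}

# key_file_mode: print the permission string of a file (no GNU stat needed).
key_file_mode() {
    ls -l -- "$1" | cut -c 1-10
}

# remove_ssh_key: delete the staged key once the run is finished.
remove_ssh_key() {
    rm -f -- "$1"
}

# Typical use in the wrapper script that starts the terraform run
# (fetch_key is a hypothetical command that prints the stored key):
#   KEY_FILE=$(fetch_key | stage_ssh_key) || exit 1
#   trap 'remove_ssh_key "$KEY_FILE"' EXIT INT TERM
```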