Support for adding passphrase and key expiry date #18

Open
Marcus-James-Adams opened this issue Nov 11, 2022 · 10 comments

@Marcus-James-Adams

Marcus-James-Adams commented Nov 11, 2022

Loving this as it makes PGP generation in Azure so much easier.

There are two pieces of functionality that are missing that stop us from using it for all our use cases.

  • We use it with some 3rd parties where the 3rd party says that the keys must be set to expire (between 6-24 months)
  • We use it with some 3rd parties that also require a passphrase attached.

It would be good if we had the ability to add these as optional requirements to the key generation.

```hcl
resource "random_password" "pgpkey" {
  length = 24
  # .......
}

resource "pgp_key" "testing" {
  name       = "testing"
  email      = "testing@testing.com"
  comment    = "testing"
  expiry     = "730"                          # Optional expiry time in days
  passphrase = random_password.pgpkey.result  # Optional passphrase
}
```

@bshibilov-sh

Are there any updates or information regarding this? I do see that passphrase is Unsupported.

@ekristen
Owner

Somehow I never saw this. Looking at this real quick, not sure the current libraries support these options. Since there's been a couple of votes, I'll take a closer look and see what's possible.

@dtwilliamsWork

Any update on this? Is it possible?

@ekristen
Owner

ekristen commented Oct 6, 2023

Currently not possible with the current PGP libraries available. None of them support passphrases on the keys.

@Marcus-James-Adams
Author

Marcus-James-Adams commented Oct 7, 2023 via email

@ekristen
Owner

I did some digging. It looks like I can get passphrase in, but still haven't found a solution for expiry.

@bshibilov-sh

I found this solution for my setup: https://registry.terraform.io/providers/Olivr/gpg/latest

@ekristen
Owner

@bshibilov-sh glad you found something that works.

I'll be adding passphrase support soon. Still trying to find a solution for expiry in the way that's been asked.

@Marcus-James-Adams
Author

@ekristen I am not hung up on the exact way of setting expiry, e.g. days, as long as an expiry can be set. It could be a date. It's just we have some suppliers who won't accept keys unless there is an expiry set to them.

@ekristen
Owner

I've got some time this week to dedicate. I've already got some of this implemented in dev and am still working on figuring out the expiry, but will likely push the passphrase sooner than later.
