hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/

Feature request: Autodetect ssh keys #18353

Open ikassi opened 6 years ago

ikassi commented 6 years ago

Terraform Version

Terraform v0.11.7

Terraform Configuration Files

```hcl
provisioner "file" {
  source      = "../../.build/file.zip"
  destination = "/root/file.zip"

  connection {
    type        = "ssh"
    user        = "root"
    private_key = "${file("~/.ssh/key")}"
  }
}
```

Expected Behavior

Currently, when a provisioner copies a file to a resource through ssh, I need to explicitly tell terraform where my key is, which makes my terraform file less portable unless I add it as an ENV variable. I think it would make sense for terraform to attempt to autodetect the key from my ~/.ssh like most applications do.

apparentlymart commented 6 years ago

Hi @ikassi! Thanks for this feature request.

Terraform's design here is assuming that the key is generated and registered within the configuration itself, acting as a system provisioning key rather than a per-use key. This is a common pattern with many cloud providers, but I do see that there are use-cases where SSH keys and users are being centrally managed by a config management system and it's better to have each person use their own credentials when running Terraform, just as we do for providers.

The ability to opt-in to trying already-existing SSH keys on the system seems reasonable. In the meantime, you should be able to get something like what you want here by running an ssh-agent (generally preferable to a fixed key anyway, because the key can then have a passphrase) and setting `agent = true` in the connection block to instruct Terraform to use it. Then any key you have loaded and decrypted into that agent will be available for Terraform's use, independently of where on disk that key was loaded from.
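The workaround described in the reply above, written out as an added example (Terraform 0.11 syntax, not code from the issue or from the Terraform project): the original file provisioner with the key path hard-wired into the configuration, beside the same provisioner authenticating through a running ssh-agent. The `null_resource` wrapper, the `host` variable and the `~/.ssh/key` path are assumptions made for the example; the original snippet omits the enclosing resource and the `host` argument.

```hcl
# Added example, not from the issue. Assumes a `null` provider, a `host`
# variable holding the target address, and an ssh-agent already running in
# the shell that invokes Terraform:
#
#   eval "$(ssh-agent -s)"
#   ssh-add ~/.ssh/key      # passphrase is entered once, here, not by Terraform
#   terraform apply         # inherits SSH_AUTH_SOCK from the shell

variable "host" {
  description = "Address of the machine the build artifact is copied to (assumed)"
}

# Before: the key path is fixed in the config, so the config is tied to one
# machine's layout, and file() needs an unencrypted key on disk because
# Terraform itself has to read the private key material.
resource "null_resource" "copy_build_fixed_key" {
  connection {
    type        = "ssh"
    host        = "${var.host}"
    user        = "root"
    private_key = "${file("~/.ssh/key")}"
  }

  provisioner "file" {
    source      = "../../.build/file.zip"
    destination = "/root/file.zip"
  }
}

# After: Terraform asks the agent at $SSH_AUTH_SOCK to sign the SSH
# authentication challenge. No key path appears in the config, Terraform never
# reads the private key, and the key may be passphrase-protected. Each
# operator can load their own key into their own agent.
resource "null_resource" "copy_build_agent" {
  connection {
    type  = "ssh"
    host  = "${var.host}"
    user  = "root"
    agent = true
  }

  provisioner "file" {
    source      = "../../.build/file.zip"
    destination = "/root/file.zip"
  }
}
```

Two things to check before relying on the second form: `SSH_AUTH_SOCK` must be set in the environment in which `terraform apply` actually runs (a CI runner or a `sudo` that scrubs the environment will not see the agent), and `ssh-add -l` should list the key you expect, since any key loaded into that agent becomes usable for the connection.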