ssh_key.tf
# https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key
resource "tls_private_key" "private_key" {
  # Key type for the generated pair. "RSA" is the alternative the author noted.
  algorithm = "ED25519"

  #
  # /!\ IMPORTANT SECURITY ISSUE /!\
  # Terraform writes the private key generated by this resource into the state
  # file unencrypted, so anyone who can read the state (a local
  # terraform.tfstate or the remote backend) can recover the key.
  # This resource is not recommended for production deployments: generate the
  # private key outside of Terraform and distribute it securely to the system
  # where Terraform runs.
  # If it is used anyway, keep the state out of version control and store it
  # in a backend with encryption at rest and restricted read access.
  #
}
# https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file
resource "local_file" "key_file_pem" {
  # Destination path; local.key_file_pem is defined outside this listing.
  filename = local.key_file_pem

  # 0400 = -r-------- (read-only for the owner, nothing for group/other)
  # http://www.permissionscalculator.com/
  file_permission = "0400"

  # OpenSSH-format private key taken from tls_private_key.private_key.
  # The key lands on disk in plaintext: the mode above only limits which local
  # accounts can read it, so keep the target path out of version control and
  # out of any directory that is archived or synced.
  # NOTE(review): the local provider also offers local_sensitive_file for
  # secret content. Switching changes the resource address, so treat it as a
  # migration rather than a drop-in edit.
  content = tls_private_key.private_key.private_key_openssh
}
resource "local_file" "key_file_pub" {
  # Destination path; local.key_file_pub is defined outside this listing.
  filename = local.key_file_pub

  # 0644 = -rw-r--r-- (owner read/write, everyone else read-only)
  # http://www.permissionscalculator.com/
  file_permission = "0644"

  # OpenSSH-format public key from tls_private_key.private_key. The public
  # half is not secret, which is why world-readable permissions are fine here.
  content = tls_private_key.private_key.public_key_openssh
}
# https://registry.terraform.io/providers/integrations/github/latest/docs/resources/user_ssh_key
# /!\ Create a personal access token here: https://github.com/settings/tokens
# /!\ Scopes that must be checked: repo + admin:public_key
# gh ssh-key add ./argocd-image-updater.pub --title argocd-image-updater
resource "github_user_ssh_key" "ssh_key" {
  # Only the public half of the generated pair is sent to GitHub.
  key = tls_private_key.private_key.public_key_openssh

  # Descriptive name under which the key is listed in the GitHub account.
  title = var.project_name

  # NOTE(review): a user SSH key authenticates as the account that owns the
  # provider token, so the matching private key can reach every repository
  # that account can. If only one repository needs access (confirm against the
  # intended consumer), github_repository_deploy_key limits the key to that
  # repository and can be made read-only.
  # The token used by the provider carries the repo and admin:public_key
  # scopes; supply it through the environment or a secret store, never as a
  # literal in a .tf or .tfvars file.
}