SSH Keys #74

Open
andreroggeri opened this issue Mar 11, 2023 · 6 comments

@andreroggeri

Summary

I couldn't find any example on how to create/retrieve SSH keys.
The only issue mentioning it is this one, but I see that the API already supports other types of items.

curl -H "Authorization: Bearer $(cat op_token)" local_op_server/v1/vaults/:vault_id/items/:item_id
{"additionalInformation":"SHA256:h8SXUtOpl5UzEhV3nEjWNDQmxdZHrk7bgHCkpqsSsxs","category":"SSH_KEY","createdAt":"2023-03-11T18:36:38Z","fields":[{"id":"notesPlain","label":"notesPlain","purpose":"NOTES","type":"STRING"},{"id":"public_key","label":"public key","type":"STRING","value":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLHciYuL95p0a+nzB8BA7oSoePLmYh2suG3beiUI1pz"},{"id":"fingerprint","label":"fingerprint","type":"STRING","value":"SHA256:h8SXUtOpl5UzEhV3nEjWNDQmxdZHrk7bgHCkpqsSsxs"},{"id":"private_key","label":"private key","type":"SSHKEY","value":"-----BEGIN PRIVATE KEY-----\nMFMCAQEwBQYDK2VwBCIEIBH6rPUQbzw8aFbInex1xcQCXg4PdzzmF+Ur1wY6expK\noSMDIQASx3ImLi/eadGvp8wfAQO6EqHjy5mIdrLht23olCNacw==\n-----END PRIVATE KEY-----\n"},{"id":"key_type","label":"key type","type":"STRING","value":"ed25519"}],"id":":vault_id","lastEditedBy":":uid","title":"SSH Key","updatedAt":"2023-03-11T18:36:38Z","vault":{"id":"vault_id","name":"Terraform"},"version":1}

Use cases

Create and retrieve private/public keys for deployed applications

@jeffgus

jeffgus commented Jul 14, 2023

Today I was playing around with this provider to see what I could do with it. I was able to import an ssh_key item into Terraform, but I can't set that type in TF. The error is:

│ Error: expected category to be one of [login password database], got ssh_key

The functionality isn't there yet. It would be nice to be able to create a new key for an AWS instance and save it in 1Password for others on my team to access.

@Neol3108

I also really would like to be able to create SSH Keys in 1P from Terraform. Is there any update on this? Will it ever get added?
PS: new to this provider, don't know how actively it is maintained

@FracKenA

> I also really would like to be able to create SSH Keys in 1P from Terraform.

So, 1Pw shouldn't be the item generating the keys. Use the provider below to generate the keys; it is the TLS provider from HashiCorp and it works great. The issue is that once it gets created, we need to be able to push it to 1Pw.

https://registry.terraform.io/providers/hashicorp/tls/latest/docs

@Neol3108

@FracKenA that's what I meant by creating: creating the one password item with type ssh key. Not generating

@Omicron7

I attempted to implement ssh keys but ran into an issue with the underlying Connect API.
1Password/connect#77

I was able to successfully implement a DataSource (data "onepassword_item" "key" { ... }). If this would be helpful to anyone, I can submit a Pull Request.

@CamiloDFM

@FracKenA The issue with the tls_private_key resource (the one used for SSH key generation) is the fact that the SSH key is kept in the state in plain text - see the Security Notice here: https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key
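
The plain-text-in-state concern raised in the comment above can be checked directly. As an added example (not part of the thread or of the provider's code), this Python script walks a Terraform state document and reports which resource attributes hold private-key material, without printing the key itself. The sample state is constructed, and the `private_key` attribute on the `onepassword_item` data source is a hypothetical name, since the thread does not give that data source's schema.

```python
import json
import re

# Matches PEM/OpenSSH private-key headers (PKCS#8, RSA, EC, OPENSSH, ENCRYPTED).
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")

def _walk(value, path=""):
    """Yield (attribute_path, string) for every string nested inside value."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, (dict, list)):
        items = value.items() if isinstance(value, dict) else enumerate(value)
        for key, item in items:
            yield from _walk(item, f"{path}.{key}" if path else str(key))

def find_private_keys(state):
    """Return sorted (resource_address, attribute_path) pairs that hold a private key."""
    findings = set()
    for res in state.get("resources", []):
        # Data sources are persisted in state too, under mode "data".
        kind = ("data." if res.get("mode") == "data" else "") + res["type"]
        address = ".".join(p for p in (res.get("module"), kind, res["name"]) if p)
        for inst in res.get("instances", []):
            for path, text in _walk(inst.get("attributes", {})):
                if PRIVATE_KEY_RE.search(text):
                    findings.add((address, path))
    return sorted(findings)

# Constructed sample in the version 4 state layout; key bodies are placeholders.
# The onepassword_item "private_key" attribute is a hypothetical name.
SAMPLE_STATE = json.loads(r"""
{"version": 4, "resources": [
  {"mode": "managed", "type": "tls_private_key", "name": "deploy",
   "instances": [{"attributes": {
     "private_key_openssh": "-----BEGIN OPENSSH PRIVATE KEY-----\nPLACEHOLDER\n-----END OPENSSH PRIVATE KEY-----\n",
     "private_key_pem": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
     "public_key_openssh": "ssh-ed25519 PLACEHOLDER"}}]},
  {"mode": "data", "type": "onepassword_item", "name": "key",
   "instances": [{"attributes": {"category": "ssh_key",
     "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n"}}]},
  {"mode": "managed", "type": "aws_key_pair", "name": "deploy",
   "instances": [{"attributes": {"key_name": "deploy",
     "public_key": "ssh-ed25519 PLACEHOLDER"}}]}
]}
""")

if __name__ == "__main__":
    for address, attribute in find_private_keys(SAMPLE_STATE):
        print(f"{address}: {attribute} contains a private key")
```

Any finding means the state backend needs the same access control and encryption at rest as the key itself, whichever provider wrote the attribute.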
