jprdonnelly/opentf
1
0
Fork 0
mirror of https://github.com/opentffoundation/opentf.git synced 2026-03-14 04:01:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
ecc4ce3657504cd885dad591f63edbc1db4097c0
opentf/website/source/docs/providers/tls/r/private_key.html.md
Martin Atkins f6fd41e7b5 tls provider 
As of this commit this provider has only logical resources that allow
the creation of private keys, self-signed certs and certificate requests.
These can be useful when creating other resources that use TLS
certificates, such as AWS Elastic Load Balancers.

Later it could grow to include support for real certificate provision from
CAs using the LetsEncrypt ACME protocol, once it is stable.
2015-10-22 21:48:32 -07:00

1.9 KiB
Raw Blame History

layout, page_title, sidebar_current, description
layout page_title sidebar_current description
tls TLS: tls_private_key docs-tls-resourse-private-key Creates a PEM-encoded private key.

tls_private_key

Generates a secure private key and encodes it as PEM. This resource is primarily intended for easily bootstrapping throwaway development environments.

~> Important Security Notice The private key generated by this resource will be stored unencrypted in your Terraform state file. Use of this resource for production deployments is not recommended. Instead, generate a private key file outside of Terraform and distribute it securely to the system where Terraform will be run.

This is a logical resource, so it contributes only to the current Terraform state and does not create any external managed resources.

Example Usage

resource "tls_private_key" "example" {
    algorithm = "ECDSA"
    ecdsa_curve = "P384"
}

Argument Reference

The following arguments are supported:

  • algorithm - (Required) The name of the algorithm to use for the key. Currently-supported values are "RSA" and "ECDSA".

  • rsa_bits - (Optional) When algorithm is "RSA", the size of the generated RSA key in bits. Defaults to 2048.

  • ecdsa_curve - (Optional) When algorithm is "ECDSA", the name of the elliptic curve to use. May be any one of "P224", "P256", "P384" or "P521", with "P224" as the default.

Attributes Reference

The following attributes are exported:

  • algorithm - The algorithm that was selected for the key.
  • private_key_pem - The private key data in PEM format.

Generating a New Key

Since a private key is a logical resource that lives only in the Terraform state, it will persist until it is explicitly destroyed by the user.

In order to force the generation of a new key within an existing state, the private key instance can be "tainted":

terraform taint tls_private_key.example

A new key will then be generated on the next terraform apply.

Reference in New Issue View Git Blame Copy Permalink