I need to store a private key in AWS, because when I create an EC2 instance with AWS I need to use this private key to authenticate in the "remote-exec" provisioner. I don't want to save it in the AWS repo.
Is it a good idea to save a private key in Secrets Manager and then consume it?
And if so, how do I save the private key in Secrets Manager and then retrieve it in Terraform with aws_secretsmanager_secret_version?
In my case, if I load it from file() it works, but if I load it from a string it fails.
    connection {
      host = self.private_ip
      type = "ssh"
      user = "ec2-user"
      # private_key = file("${path.module}/key")   # <-- this works
      private_key = jsondecode(data.aws_secretsmanager_secret_version.secret_terraform.secret_string)["ec2_key"]
      # <-- not working. Error: Failed to read ssh private key: no key found
    }
I think the reason is due to how you store it. I verified the use of aws_secretsmanager_secret_version using my own sandbox account and it works. However, I stored it as plain text, not JSON:
Then I successfully used it as follows for an instance:
    resource "aws_instance" "public" {
      ami             = "ami-02354e95b39ca8dec"
      instance_type   = "t2.micro"
      key_name        = "key-pair-name"
      security_groups = [aws_security_group.ec2_sg.name]

      provisioner "remote-exec" {
        connection {
          type        = "ssh"
          user        = "ec2-user"
          private_key = data.aws_secretsmanager_secret_version.example.secret_string
          host        = self.public_ip
        }
        inline = [
          "ls -la"
        ]
      }

      depends_on = [aws_key_pair.key]
    }
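To make the answer's setup end to end, here is an added example (not code from the question or the answer) that stores the key as plain text, reads it back through the two Secrets Manager data sources, and fails at plan time with a clear message if the secret does not look like a PEM key. The secret name ec2/ssh-private-key, the local file path ./key, and the resource names are assumptions.

```hcl
# Store the PEM file as a plain-text secret (run once, outside Terraform).
# The file:// prefix makes the AWS CLI send the file contents as the string:
#   aws secretsmanager create-secret \
#     --name ec2/ssh-private-key --secret-string file://./key
# Do not wrap it in JSON: the connection block expects the raw PEM text.

data "aws_secretsmanager_secret" "ec2_key" {
  name = "ec2/ssh-private-key"   # assumed secret name
}

# Latest version of the secret; secret_string is the raw PEM text.
data "aws_secretsmanager_secret_version" "ec2_key" {
  secret_id = data.aws_secretsmanager_secret.ec2_key.id
}

resource "aws_instance" "public" {
  ami           = "ami-02354e95b39ca8dec"   # AMI from the answer above
  instance_type = "t2.micro"
  key_name      = "key-pair-name"

  lifecycle {
    # Catch a mis-stored secret (JSON wrapper, empty string) before
    # remote-exec reports the unhelpful "no key found".
    precondition {
      condition = can(regex(
        "^-----BEGIN [A-Z ]*PRIVATE KEY-----",
        data.aws_secretsmanager_secret_version.ec2_key.secret_string
      ))
      error_message = "Secret ec2/ssh-private-key must hold the raw PEM private key, not JSON."
    }
  }

  provisioner "remote-exec" {
    connection {
      type        = "ssh"
      user        = "ec2-user"
      host        = self.public_ip
      private_key = data.aws_secretsmanager_secret_version.ec2_key.secret_string
    }
    inline = ["ls -la"]
  }
}
```

The key still ends up in the Terraform state file once the data source is read, so the state backend needs the same access controls and encryption as the secret itself.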