https://github.com/rhythmictech/terraform-aws-secure-ssh-key
Creates an SSH key with a Lambda data source and saves it in a Secrets Manager secret, allowing the creation of SSH keys without saving them in Terraform state.
Last synced: 12 months ago
- Host: GitHub
- URL: https://github.com/rhythmictech/terraform-aws-secure-ssh-key
- Owner: rhythmictech
- License: mit
- Created: 2020-07-14T00:50:09.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2023-10-24T17:08:53.000Z (over 2 years ago)
- Last Synced: 2025-01-08T11:40:58.445Z (about 1 year ago)
- Language: HCL
- Homepage: https://registry.terraform.io/modules/rhythmictech/secure-ssh-key/aws/latest
- Size: 14.1 MB
- Stars: 4
- Watchers: 3
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
README
# terraform-aws-secure-ssh-key
Creates an SSH key with a Lambda data source and saves it in a Secrets Manager secret, allowing the creation of SSH keys without saving them in Terraform state.
## Example
Here's what using the module will look like:
```hcl
module "secure_ssh_key" {
  source  = "rhythmictech/secure-ssh-key/aws"
  version = "~> 2.0.1"
  name    = "my-secure-key"
}

output "secret_name" {
  value = module.secure_ssh_key.privkey_secret_name
}
```
## About
Creates an SSH key with a Lambda data source and saves it in a Secrets Manager secret, allowing the creation of SSH keys without saving them in Terraform state.
## Dependencies
* Python >= 3.8
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.12.28 |
| [aws](#requirement\_aws) | >= 2.45.0, < 4.0.0 |
| [external](#requirement\_external) | ~> 1.2 |
| [null](#requirement\_null) | ~>2.1.2 |
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | 3.75.1 |
| [external](#provider\_external) | 1.2.0 |
| [null](#provider\_null) | 2.1.2 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| [lambda\_version](#module\_lambda\_version) | rhythmictech/find-release-by-semver/github | >= 1.0.0-rc1, < 2.0.0 |
| [pubkey](#module\_pubkey) | matti/resource/shell | ~> 1.0.7 |
## Resources
| Name | Type |
|------|------|
| [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy.secret_write](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
| [aws_iam_role_policy_attachment.lambda_basic_execution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
| [aws_secretsmanager_secret.privkey](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
| [aws_secretsmanager_secret.pubkey](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
| [null_resource.lambda_invoke](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [null_resource.lambda_zip](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [aws_iam_policy_document.assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.secret_write](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [external_external.sha](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [keepers](#input\_keepers) | Arbitrary map of values that when changed will force a new password | `map(string)` | `{}` | no |
| [key\_bits](#input\_key\_bits) | Number of bits to be used in RSA key generation | `number` | `2048` | no |
| [lambda\_version\_constraint](#input\_lambda\_version\_constraint) | NPM-style version constraint for the version of the lambda code you want to use | `string` | `"^1.0.2-rc2"` | no |
| [name](#input\_name) | Moniker to apply to all resources in the module | `string` | n/a | yes |
| [secret\_description](#input\_secret\_description) | Set a description for the secret | `string` | `"An SSH key secret by Terraform"` | no |
| [tags](#input\_tags) | User-Defined tags | `map(string)` | `{}` | no |
## Outputs
| Name | Description |
|------|-------------|
| [privkey\_secret\_arn](#output\_privkey\_secret\_arn) | The ARN of the SecretsManager privkey Secret |
| [privkey\_secret\_name](#output\_privkey\_secret\_name) | The name of the privkey secret |
| [pubkey\_secret\_arn](#output\_pubkey\_secret\_arn) | The ARN of the SecretsManager pubkey Secret |
| [pubkey\_secret\_name](#output\_pubkey\_secret\_name) | The name of the pubkey secret |
| [ssh\_pubkey](#output\_ssh\_pubkey) | The SSH pubkey |
## The Giants Underneath this Module
- [pre-commit.com](https://pre-commit.com)
- [terraform.io](https://www.terraform.io)
- [github.com/tfutils/tfenv](https://github.com/tfutils/tfenv)
- [github.com/segmentio/terraform-docs](https://github.com/segmentio/terraform-docs)