tls_private_key (Resource)

Creates a PEM (and OpenSSH) formatted private key.

Generates a secure private key and encodes it in PEM (RFC 1421) and OpenSSH PEM (RFC 4716) formats. This resource is primarily intended for easily bootstrapping throwaway development environments.

This is a logical resource, so it contributes only to the current Terraform state and does not create any external managed resources.

Example Usage

# ECDSA key with P384 elliptic curve
resource "tls_private_key" "ecdsa-p384-example" {
  algorithm   = "ECDSA"
  ecdsa_curve = "P384"
}

# RSA key of size 4096 bits
resource "tls_private_key" "rsa-4096-example" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

# ED25519 key
resource "tls_private_key" "ed25519-example" {
  algorithm = "ED25519"
}

Schema

Required

Optional

Read-Only

Generating a New Key

Since a private key is a logical resource that lives only in the Terraform state, it will persist until it is explicitly destroyed by the user.

In order to force the generation of a new key within an existing state, the private key instance can be "tainted":

terraform taint tls_private_key.example

A new key will then be generated on the next terraform apply.
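Because the key lives in the Terraform state, a state file can be audited for it. The following is an added example, not part of the provider's documentation or code: it lists every tls_private_key instance recorded in a state file and which private-key attributes are populated, without printing the key material, and prints the matching taint command. The version 4 state layout and the attribute names private_key_pem, private_key_openssh and private_key_pem_pkcs8 are assumptions not shown on this page, and the sample state is constructed.

```python
import json
import shlex

# Assumed attribute names under which tls_private_key keeps secret key material.
SECRET_ATTRS = ("private_key_pem", "private_key_openssh", "private_key_pem_pkcs8")

def find_private_keys(state):
    """Return one finding per tls_private_key instance in a v4 state dict."""
    findings = []
    for res in state.get("resources", []):
        if res.get("mode") != "managed" or res.get("type") != "tls_private_key":
            continue
        base = f'{res["type"]}.{res["name"]}'
        if res.get("module"):  # resources inside modules carry a module prefix
            base = f'{res["module"]}.{base}'
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            key = inst.get("index_key")  # set for count / for_each instances
            address = base if key is None else f"{base}[{json.dumps(key)}]"
            findings.append({
                "address": address,
                "algorithm": attrs.get("algorithm"),
                # Report which secret attributes are populated, never their values.
                "secrets": [a for a in SECRET_ATTRS if attrs.get(a)],
            })
    return findings

# Constructed sample state; key bodies are placeholders, not real keys.
SAMPLE_STATE = json.loads("""
{
  "version": 4,
  "resources": [
    {"mode": "managed", "type": "tls_private_key", "name": "rsa-4096-example",
     "instances": [{"attributes": {"algorithm": "RSA", "rsa_bits": 4096,
       "private_key_pem": "PLACEHOLDER", "private_key_openssh": "PLACEHOLDER"}}]},
    {"module": "module.dev", "mode": "managed", "type": "tls_private_key", "name": "host",
     "instances": [{"index_key": "a", "attributes": {"algorithm": "ED25519",
       "private_key_pem": "PLACEHOLDER"}}]},
    {"mode": "managed", "type": "null_resource", "name": "other",
     "instances": [{"attributes": {"id": "1"}}]}
  ]
}
""")

if __name__ == "__main__":
    for hit in find_private_keys(SAMPLE_STATE):
        print(f'{hit["address"]}: {hit["algorithm"]} key in state ({", ".join(hit["secrets"])})')
        print(f'  regenerate with: terraform taint {shlex.quote(hit["address"])}')
```

To check a real state, load the JSON with `json.load` and pass the resulting dict to `find_private_keys`.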