Creates a PEM (and OpenSSH) formatted private key.
Generates a secure private key and encodes it in PEM (RFC 1421) and OpenSSH PEM (RFC 4716) formats. This resource is primarily intended for easily bootstrapping throwaway development environments.
This is a logical resource, so it contributes only to the current Terraform state and does not create any external managed resources.
// DO NOT EDIT. Code generated by 'cdktf convert' - Please report bugs at https://cdk.tf/bug
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
/*
* Provider bindings are generated by running `cdktf get`.
* See https://cdk.tf/provider-generation for more details.
*/
import { PrivateKey } from "./.gen/providers/tls/private-key";
class MyConvertedCode extends TerraformStack {
constructor(scope: Construct, name: string) {
super(scope, name);
new PrivateKey(this, "ecdsa-p384-example", {
algorithm: "ECDSA",
ecdsaCurve: "P384",
});
new PrivateKey(this, "ed25519-example", {
algorithm: "ED25519",
});
new PrivateKey(this, "rsa-4096-example", {
algorithm: "RSA",
rsaBits: 4096,
});
}
}
algorithm
(String) Name of the algorithm to use when generating the private key. Currently-supported values are: RSA
, ECDSA
, ED25519
.ecdsaCurve
(String) When algorithm
is ECDSA
, the name of the elliptic curve to use. Currently-supported values are: P224
, P256
, P384
, P521
. (default: P224
).rsaBits
(Number) When algorithm
is RSA
, the size of the generated RSA key, in bits (default: 2048
).id
(String) Unique identifier for this resource: hexadecimal representation of the SHA1 checksum of the resource.privateKeyOpenssh
(String, Sensitive) Private key data in OpenSSH PEM (RFC 4716) format.privateKeyPem
(String, Sensitive) Private key data in PEM (RFC 1421) format.privateKeyPemPkcs8
(String, Sensitive) Private key data in PKCS#8 PEM (RFC 5208) format.publicKeyFingerprintMd5
(String) The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. aa:bb:cc:...
. Only available if the selected private key format is compatible, similarly to public_key_openssh
and the ECDSA P224 limitations.publicKeyFingerprintSha256
(String) The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g. SHA256:...
. Only available if the selected private key format is compatible, similarly to public_key_openssh
and the ECDSA P224 limitations.publicKeyOpenssh
(String) The public key data in "Authorized Keys" format. This is not populated for ECDSA
with curve P224
, as it is not supported. NOTE: the underlying libraries that generate this value append a \n
at the end of the PEM. In case this disrupts your use case, we recommend using trimspace()
.publicKeyPem
(String) Public key data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n
at the end of the PEM. In case this disrupts your use case, we recommend using trimspace()
.Since a private key is a logical resource that lives only in the Terraform state, it will persist until it is explicitly destroyed by the user.
In order to force the generation of a new key within an existing state, the private key instance can be "tainted":
terraform taint tls_private_key.example
A new key will then be generated on the next terraform apply
.