SSH Keys #74

Open
andreroggeri opened this issue Mar 11, 2023 · 8 comments
Labels
enhancement New feature or request

Comments

@andreroggeri

Summary

I couldn't find any example on how to create/retrieve SSH keys.
The only issue mentioning it is this one, but I see that the API already supports other types of items.

curl -H "Authorization: Bearer $(cat op_token)" local_op_server/v1/vaults/:vault_id/items/:item_id
{"additionalInformation":"SHA256:h8SXUtOpl5UzEhV3nEjWNDQmxdZHrk7bgHCkpqsSsxs","category":"SSH_KEY","createdAt":"2023-03-11T18:36:38Z","fields":[{"id":"notesPlain","label":"notesPlain","purpose":"NOTES","type":"STRING"},{"id":"public_key","label":"public key","type":"STRING","value":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLHciYuL95p0a+nzB8BA7oSoePLmYh2suG3beiUI1pz"},{"id":"fingerprint","label":"fingerprint","type":"STRING","value":"SHA256:h8SXUtOpl5UzEhV3nEjWNDQmxdZHrk7bgHCkpqsSsxs"},{"id":"private_key","label":"private key","type":"SSHKEY","value":"-----BEGIN PRIVATE KEY-----\nMFMCAQEwBQYDK2VwBCIEIBH6rPUQbzw8aFbInex1xcQCXg4PdzzmF+Ur1wY6expK\noSMDIQASx3ImLi/eadGvp8wfAQO6EqHjy5mIdrLht23olCNacw==\n-----END PRIVATE KEY-----\n"},{"id":"key_type","label":"key type","type":"STRING","value":"ed25519"}],"id":":vault_id","lastEditedBy":":uid","title":"SSH Key","updatedAt":"2023-03-11T18:36:38Z","vault":{"id":"vault_id","name":"Terraform"},"version":1}

Use cases

Create and retrieve private/public keys for deployed applications

@jeffgus

jeffgus commented Jul 14, 2023

Today I was playing around with this provider to see what I could do with it. I was able to import a ssh_key item into Terraform, but I can't set that type in TF. The error is:

│ Error: expected category to be one of [login password database], got ssh_key

The functionality isn't there yet. It would be nice to be able to create a new key for an AWS instance and save it in 1password for others on my team to access.

@Neol3108

I also really would like to be able to create SSH Keys in 1P from Terraform. Is there any update on this? Will it ever get added?
PS: new to this provider, don't know how actively it is maintained

@FracKenA

> I also really would like to be able to create SSH Keys in 1P from Terraform.

So, 1Pw shouldn't be the item generating the keys. Use the below provider to generate the keys, it is the TLS provider from hashicorp and it works great, the issue is that once it gets created, we need to be able to push it to 1Pw.

https://registry.terraform.io/providers/hashicorp/tls/latest/docs

@Neol3108

@FracKenA that's what I meant by creating: creating the one password item with type ssh key. Not generating

@Omicron7

I attempted to implement ssh keys but ran into an issue with the underlying Connect API.
1Password/connect#77

I was able to successfully implement a DataSource (data "onepassword_item" "key" { ... }). If this would be helpful to anyone, I can submit a Pull Request.

@CamiloDFM

@FracKenA The issue with the tls_private_key resource (the one used for SSH key generation) is the fact that the SSH key is kept in the state in plain text - see the Security Notice here: https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key
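
A check for the exposure described in the comment above, as an added example that is not part of the original thread or of any provider's code: it scans a Terraform state document for `tls_private_key` instances that carry private key material. The sample state is constructed, and the version 4 state layout and the attribute names are assumptions taken from the hashicorp/tls provider documentation.

```python
import json

# Attributes of the hashicorp/tls tls_private_key resource that hold private key material.
PRIVATE_ATTRS = ("private_key_pem", "private_key_openssh", "private_key_pem_pkcs8")

def find_plaintext_keys(state):
    """Return one finding per tls_private_key instance whose state holds a private key."""
    findings = []
    for res in state.get("resources", []):
        if res.get("mode") != "managed" or res.get("type") != "tls_private_key":
            continue
        address = ".".join(p for p in (res.get("module"), res["type"], res["name"]) if p)
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            exposed = [a for a in PRIVATE_ATTRS if attrs.get(a)]
            if not exposed:
                continue
            idx = inst.get("index_key")  # set for count / for_each instances
            findings.append({
                "address": address if idx is None else f"{address}[{json.dumps(idx)}]",
                "exposed": exposed,
                # Report the public fingerprint only, never the key material.
                "fingerprint": attrs.get("public_key_fingerprint_sha256"),
            })
    return findings

# Constructed sample in the version 4 state layout; key bodies are placeholders.
SAMPLE_STATE = {
    "version": 4,
    "resources": [
        {"mode": "managed", "type": "tls_private_key", "name": "deploy",
         "instances": [{"attributes": {
             "algorithm": "ED25519",
             "private_key_pem": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
             "private_key_openssh": "-----BEGIN OPENSSH PRIVATE KEY-----\nPLACEHOLDER\n-----END OPENSSH PRIVATE KEY-----\n",
             "public_key_fingerprint_sha256": "SHA256:PLACEHOLDER-A"}}]},
        {"mode": "managed", "module": "module.bastion", "type": "tls_private_key", "name": "host",
         "instances": [{"index_key": "eu", "attributes": {
             "private_key_openssh": "-----BEGIN OPENSSH PRIVATE KEY-----\nPLACEHOLDER\n-----END OPENSSH PRIVATE KEY-----\n",
             "public_key_fingerprint_sha256": "SHA256:PLACEHOLDER-B"}}]},
        {"mode": "managed", "type": "aws_key_pair", "name": "deploy",
         "instances": [{"attributes": {"public_key": "ssh-ed25519 PLACEHOLDER"}}]},
    ],
}

if __name__ == "__main__":
    for f in find_plaintext_keys(SAMPLE_STATE):
        print(f"{f['address']}: {', '.join(f['exposed'])} in state ({f['fingerprint']})")
```

Any finding means the state file and its backend need the same access control and encryption as the private key itself.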

@shadshar

shadshar commented Jun 30, 2024

> > I also really would like to be able to create SSH Keys in 1P from Terraform.
>
> So, 1Pw shouldn't be the item generating the keys. Use the below provider to generate the keys, it is the TLS provider from hashicorp and it works great, the issue is that once it gets created, we need to be able to push it to 1Pw.
>
> https://registry.terraform.io/providers/hashicorp/tls/latest/docs

I was looking for this functionality right now, and I very definitely want 1password to generate the SSH keys for me, and have that functionality available to me via Terraform. Use case:

  • Generate the ssh key in 1p. It has a button to do that in the UI, anyway. It now becomes available through the built-in ssh agent.
  • Generate a ssh key resource in $some_cloud_provider. Push the public key of the newly generated key into that.
  • Set up a bunch of compute instances that automatically get to use that key

I would now have a freshly generated ssh key pair that is accessible to me, without the private key touching my hard drive: not in the .ssh directory, not in the terraform state, not anywhere else. This is exactly what I want.

That would be great for setting up fresh labs for workshops, for example, especially with 1p's granular sharing abilities. It could also help with rotating SSH keys by simply changing the key in 1password, assuming Terraform can pick up on that change and deploy the fresh keys accordingly.

@f33rx

f33rx commented Oct 8, 2024

The workflow I have in mind is to generate an SSH key for AWS/GCP/Azure using a secure method and store it in 1Password. This will allow me to use the SSH Agent integration to SSH into a host without needing to retrieve the key each time. Wish there was support for this category.

@SimonBarendse SimonBarendse added the enhancement New feature or request label Oct 30, 2024