#general

gorgeous-angle-43463

07/29/2022, 3:21 PM
Hello all. Is there a way to produce an encrypted private key with the `pulumi_tls` package? Something similar to when using `openssl req -new -newkey rsa:2048 -sha256 -keyout >(cat -) -passout "pass:${password}" -subj "/"`.

ancient-car-89914

07/29/2022, 3:36 PM
what’s the use case for this? doesn’t pulumi already encrypt the outputs of https://www.pulumi.com/registry/packages/tls/api-docs/privatekey/?

gorgeous-angle-43463

07/29/2022, 4:37 PM
Hello @ancient-car-89914. The output is more generally encrypted for the sake of obfuscation when using the outputs. The use-case here is a cert-manager controller that uses the key as a registration authority, and by design is using an encrypted RSA key protected by a passphrase. A resource such as `PrivateKey` with an additional argument of `passphrase` is what I would expect, but that does not seem to be implemented.
This means the controller is expecting the Certificate PEM, encrypted RSA key PEM, and passphrase for decrypting the RSA.