gorgeous-angle-43463

07/29/2022, 3:21 PM
Hello all. Is there a way to produce an encrypted private key with the `pulumi_tls` package? Something similar to when using `openssl req -new -newkey rsa:2048 -sha256 -keyout >(cat -) -passout "pass:${password}" -subj "/"`.

ancient-car-89914

07/29/2022, 3:36 PM
what’s the use case for this? doesn’t pulumi already encrypt the outputs of https://www.pulumi.com/registry/packages/tls/api-docs/privatekey/?

gorgeous-angle-43463

07/29/2022, 4:37 PM
Hello @ancient-car-89914. The output is more generally encrypted for the sake of obfuscation when using the outputs. The use-case here is a cert-manager controller that uses the key as a registration authority, and by design is using an encrypted RSA key protected by a passphrase. A resource such as `PrivateKey` with an additional argument of `passphrase` is what I would expect, but that does not seem to be implemented.
This means the controller is expecting the Certificate PEM, encrypted RSA key PEM, and passphrase for decrypting the RSA.