07/24/2019, 5:19 PM
Anyone have experience you can share with creating SSH keypairs via Pulumi? I'm not interested in the ec2.keypair, but rather generating SSH public & private keys that I'll store in secretmanager, and then later use for EC2, as well.
Right now I'm making a system call to do the work and loading the keys in:
```typescript
private async createKeypairSecret(): Promise<string> {
    // Generate the keypair on disk with ssh-keygen (empty passphrase).
    const keygenCmd = "ssh-keygen -b 4096 -E sha256 -f ssh.key -m RFC4716 -N '' -C <|>";
    const rmCmd = 'rm ssh.key && rm';

    await exec(keygenCmd);

    // Load both halves of the keypair into memory.
    let publicKey: string = fs.readFileSync('', 'utf8');
    let privateKey: string = fs.readFileSync('ssh.key', 'utf8');

    this.createSecret(publicKey, privateKey);

    // Remove the key files from disk.
    await exec(rmCmd);

    return publicKey;
}
```
Is there a native TypeScript way to accomplish the same thing, and to generate keys with the same format?
it has to use the OpenSSH format that
outputs so it can immediately get used e.g. in ~/.ssh/id_rsa


07/24/2019, 5:38 PM
@early-musician-41645 you could use the pulumi-tls provider to do this 🙂 I released this a few weeks back


07/24/2019, 6:07 PM
that looks great, thanks! @damp-book-35965 same idea FYI
@broad-dog-22463 I'm trying it out but not having any luck actually getting at the PEM for private or public keys. This produces no output:
```typescript
let key = new tls.PrivateKey(this.secretName, {
    algorithm: "RSA",
    rsaBits: 4096,
});

key.privateKeyPem.apply((key: any) => { console.log("private key PEM: " + key) });
```