#general

early-musician-41645

07/24/2019, 5:19 PM
Anyone have experience you can share with creating SSH keypairs via Pulumi? I'm not interested in the ec2.keypair, but rather generating SSH public & private keys that I'll store in secretmanager, and then later use for EC2, as well.
Right now I'm making a system call to do the work and loading the keys in:
private async createKeypairSecret(): Promise<string> {

    const keygenCmd = "ssh-keygen -b 4096 -E sha256 -f ssh.key -m RFC4716 -N '' -C cics@tableau.com";
    const rmCmd = 'rm ssh.key && rm ssh.key.pub';

    await exec(keygenCmd);

    let publicKey: string = fs.readFileSync('ssh.key.pub', 'utf8');
    let privateKey: string = fs.readFileSync('ssh.key', 'utf8');

    this.createSecret(publicKey, privateKey);

    await exec(rmCmd);

    return publicKey;
  }
Is there a native typescript way to accomplish the same thing, and to generate keys with the same format?
it has to use the OpenSSH format that ssh-keygen outputs so it can immediately get used e.g. in ~/.ssh/id_rsa

broad-dog-22463

07/24/2019, 5:38 PM
@early-musician-41645 you could use the pulumi-tls provider to do this 🙂 https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/tls I released this a few weeks back

early-musician-41645

07/24/2019, 6:07 PM
that looks great, thanks! @damp-book-35965 same idea FYI
@broad-dog-22463 I'm trying it out but not having any luck actually getting at the PEM for private or public keys. This produces no output:
let key = new tls.PrivateKey(this.secretName, {
      algorithm: "RSA",
      rsaBits: 4096,
    });

    key.privateKeyPem.apply((key: any) => { console.log("private key PEM: "+key) } );