From 171dd2f234b7e1effe00bbe66bc42c30f78f9e2d Mon Sep 17 00:00:00 2001 From: Pavel Boldyrev <627562+bpg@users.noreply.github.com> Date: Mon, 4 Mar 2024 19:57:37 -0500 Subject: [PATCH] chore(docs): minor improvements around SSH private key usage (#1091) Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com> --- docs/index.md | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/docs/index.md b/docs/index.md index 38dd7e96..d6953a52 100644 --- a/docs/index.md +++ b/docs/index.md @@ -121,31 +121,34 @@ The SSH agent authentication takes precedence over the `private_key` and `passwo In some cases where SSH agent is not available, for example when running Terraform from a Windows machine, or when using a CI/CD pipeline that does not support SSH agent forwarding, you can use the `private_key` argument in the `ssh` block (or alternatively `PROXMOX_VE_SSH_PRIVATE_KEY` environment variable) to provide the private key for the SSH connection. -The private key must be in PEM format, and can be loaded from a file: +The private key mut not be encrypted, and must be in PEM format. +You can provide the private key from a file: ```terraform provider "proxmox" { - ... - + // ... ssh { - agent = false + agent = false private_key = file("~/.ssh/id_rsa") } } ``` -Not recommended, but you can also use a heredoc syntax to provide the private key as a string (note that the private key content must not be indented): + +Alternatively, although not recommended due to the increased risk of exposing an unprotected key, heredoc syntax can be used to supply the private key as a string. +Note that the content of the private key must not be indented: ```terraform provider "proxmox" { - ... + // ... ssh { - agent = false + agent = false private_key = < DMUWUEaH7yMCKl7uCZ9xAAAAAAECAwQF -----END OPENSSH PRIVATE KEY----- +EOF } } ``` @@ -157,10 +160,10 @@ This can be overridden by specifying the `username` argument in the `ssh` block ```terraform provider "proxmox" { - ... + // ... ssh { - agent = true + agent = true username = "terraform" } }