terraform-provider-digitalocean
Allow tagging of ssh keys
Is your feature request related to a problem? Please describe.
I have a couple of different groups of ssh keys in my infrastructure that I maintain via terraform. I want to provision only keys of admins to the machines I provision. I have a global state that uploads the keys and I have a couple of environment states that consume them.
Describe the solution you'd like
I want to create ssh keys and tag them:
resource "digitalocean_ssh_key" "alice" {
  name = "alice"
  key  = "..."
  tags = ["admin", "user"]
}
resource "digitalocean_ssh_key" "bob" {
  name = "bob"
  key  = "..."
  tags = ["user"]
}
#...
resource "digitalocean_ssh_key" "ci" {
  name = "ci"
  key  = "..."
  tags = ["ci"]
}
Then I want to filter keys when I provision machines:
data "digitalocean_ssh_keys" "admin_keys" {
  filter {
    key    = "tag"
    values = ["admin"]
  }
}
Currently I have to specify each individual key I want to select:
data "digitalocean_ssh_keys" "admin_keys" {
  filter {
    key    = "name"
    values = ["alice"] # ["alice", ...]
  }
}
This means I have to maintain the list of admins in multiple places.
Describe alternatives you've considered
Better filtering
I'm aware my feature request requires the ssh-key api to store tags. An easier approach would be to implement better filtering. It wouldn't be as powerful as tags, but I think it would cover my use case well:
data "digitalocean_ssh_keys" "all_ssh_keys" {
  filter = "name=~admin-.*"
}
Remote state
I could also start working with remote state and use that to transport the list of admins from one state to another. It's tedious though and it is a security risk.
Additional context
Another filtering approach is implemented/documented in https://registry.terraform.io/providers/fortinetdev/fortios/latest/docs/guides/fgt_filter
Thanks for the feedback @tback. Currently the DigitalOcean API does not support tagging SSH keys. I've passed on your feedback internally to the responsible product team.
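
The name-pattern selection discussed under "Better filtering" can be approximated today with core Terraform expressions. This is an added example, not part of the thread and not the provider's own code; the `admin-` name prefix, the resource name `app` and the droplet values are assumptions made for illustration.

```hcl
terraform {
  required_version = ">= 1.2" # lifecycle preconditions need Terraform 1.2+
  required_providers {
    digitalocean = {
      source = "digitalocean/digitalocean"
    }
  }
}

# No filter block: read every SSH key on the account, then select locally.
data "digitalocean_ssh_keys" "all" {}

locals {
  # Assumed convention: admin keys are uploaded with names starting "admin-".
  admin_keys = [
    for k in data.digitalocean_ssh_keys.all.ssh_keys : k
    if can(regex("^admin-", k.name))
  ]
  admin_fingerprints = [for k in local.admin_keys : k.fingerprint]
}

resource "digitalocean_droplet" "app" {
  # Placeholder values for the example.
  name     = "app-1"
  image    = "ubuntu-22-04-x64"
  region   = "nyc3"
  size     = "s-1vcpu-1gb"
  ssh_keys = local.admin_fingerprints

  lifecycle {
    # Fail the plan instead of provisioning with an empty key list.
    precondition {
      condition     = length(local.admin_fingerprints) > 0
      error_message = "No SSH key named admin-* was found on the account."
    }
  }
}

# Surfaces the selected key names in plan/apply output for review.
output "admin_key_names" {
  value = local.admin_keys[*].name
}
```

Selecting by name trusts everyone who can create or rename SSH keys on the account, so the `admin_key_names` output is worth checking in each plan before applying.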