Support for adding passphrase and key expiry date

ekristen / terraform-provider-pgp

Terraform Provider for PGP Actions

12 stars 6 forks source link

Support for adding passphrase and key expiry date #18

Open Marcus-James-Adams opened 1 year ago

Marcus-James-Adams commented 1 year ago

Loving this as it makes PGP generation in azure so much easier

There are two pieces of functionality that are missing that stop us from using it for all our use cases.

We use it with some 3 rd parties where the 3rd party says that the keys must be set to expire (between 6-24 months)
We use it with some 3rd parties that also require a passphrase attached.

It would be good if we ha the ability to add these as optional requirements to the key generation

resource "random_password" "pgpkey" {
  length      = 24
   .......
}
resource "pgp_key" "testing" {
  name    = "testing"
  email   = "testing@testing.com"
  comment = "testing"
  expiry  = "730" # Optional Expiry Time in days
  passphrase = random_password.pgpkey.result # Optional passphrase
}

bshibilov-sh commented 11 months ago

Are there any updates or information regarding this? I do see that passphrase is Unsupported

ekristen commented 11 months ago

Somehow I never saw this. Looking at this real quick, not sure the current libraries support these options. Since there's been a couple of votes, I'll take a closer look and see what's possible.

dtwilliamsWork commented 11 months ago

any update on this? is it possible?

ekristen commented 11 months ago

Currently not possible with the current PGP libraries available. None of them support past phrases on the keys.

Marcus-James-Adams commented 11 months ago

Is it possible to replace the library with one that does support them?

On Fri, 6 Oct 2023, 14:01 Erik Kristensen, @.***> wrote:

Currently not possible with the current PGP libraries available. None of them support past phrases on the keys.

— Reply to this email directly, view it on GitHub https://github.com/ekristen/terraform-provider-pgp/issues/18#issuecomment-1750643607, or unsubscribe https://github.com/notifications/unsubscribe-auth/AH7GYF2QP7E3WY6FGZPOWMTX576MPAVCNFSM6AAAAAAR5QNHWKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTONJQGY2DGNRQG4 . You are receiving this because you authored the thread.Message ID: @.***>

ekristen commented 11 months ago

I did some digging. It looks like I can get passphrase in, but still haven't found a solution for expiry.

bshibilov-sh commented 11 months ago

I found this solution for my setup https://registry.terraform.io/providers/Olivr/gpg/latest

ekristen commented 11 months ago

@bshibilov-sh glad you found something that works.

I'll be adding passphrase support soon. Still trying to find a solution for expiry in the way that's been asked.

Marcus-James-Adams commented 10 months ago

@ekristen i am not hung up on the exact way of setting expiry eg days as long as an expiry can be set - it could be a date - it's just we have some suppliers who won't accept keys unless there is an expiry set to them

ekristen commented 10 months ago

I've got some time this week to dedicate, I've already got some of this implemented in dev, still working on figuring out the expiry, but will likely push the passphrase sooner than later.