Open Eusebius1920 opened 4 months ago
Example resource:

```hcl
resource "tls_private_key" "private_key" {
  algorithm = "RSA"
  rsa_bits  = 2048
}

resource "keepass_entry" "example1" {
  group_uuid = "a3fe9a6931b34ab1a480286d6a6aa111"
  title      = "example1"
  username   = "hehehe"
  password   = "123"
  notes      = "Yes\nmultiline\nnotes"
  url        = "https://example.com"

  ssh_key {
    private_key                                   = tls_private_key.private_key.private_key_openssh
    ssh_agent_lifetime_constraint_duration        = 3600
    ssh_agent_use_lifetime_constraint_when_adding = true
    ssh_agent_use_confirm_constraint_when_adding  = true
    ssh_agent_add_at_database_open                = true
    ssh_agent_remove_at_database_close            = false
  }
}
```
Hi, I think adding a resource for creating entries is reasonable, but the ssh-agent integration is in my opinion out of scope of this provider. I think ssh-agent management would be better suited to a separate provider.
Just to be sure we are on the same page: the ssh-agent management is just about providing an XML file as an attachment to a keepass entry, which is then used by other applications (like keepassxc or keeagent) to automatically expose ssh-keys that are stored inside the keepass entry (again as an attachment) to ssh-agent. It is not about managing or running ssh-agent itself from the provider. It is just an XML file, used as a configuration file, attached to a keepass entry (as a simple attachment).
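The XML attachment described in the comment above, sketched as an added example that is not part of the thread or of the fork's code: it renders the `ssh_key` values from the issue into a settings document and flags a key that would stay in ssh-agent with no expiry. The element names, the `AllowUseOfSshKey` field and the `id_rsa` attachment name are assumptions modeled on KeeAgent-style entry settings, not taken from the page.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// Location: where the private key is stored (element names are assumptions).
type Location struct{ SelectedType, AttachmentName string }

// EntrySettings mirrors the ssh_key block of the proposed keepass_entry resource.
type EntrySettings struct {
	XMLName                         xml.Name `xml:"EntrySettings"`
	AllowUseOfSshKey                bool     // assumption: not an attribute in the issue
	AddAtDatabaseOpen               bool
	RemoveAtDatabaseClose           bool
	UseConfirmConstraintWhenAdding  bool
	UseLifetimeConstraintWhenAdding bool
	LifetimeConstraintDuration      int // seconds
	Location                        Location
}

// IssueExample returns the values from the issue's ssh_key block; the
// attachment name "id_rsa" is a constructed placeholder.
func IssueExample() EntrySettings {
	return EntrySettings{AllowUseOfSshKey: true, AddAtDatabaseOpen: true,
		RemoveAtDatabaseClose: false, UseConfirmConstraintWhenAdding: true,
		UseLifetimeConstraintWhenAdding: true, LifetimeConstraintDuration: 3600,
		Location: Location{SelectedType: "attachment", AttachmentName: "id_rsa"}}
}

// BuildSettings rejects an inconsistent lifetime, then renders the XML body.
func BuildSettings(s EntrySettings) ([]byte, error) {
	if s.UseLifetimeConstraintWhenAdding && s.LifetimeConstraintDuration <= 0 {
		return nil, fmt.Errorf("lifetime constraint enabled with duration %d", s.LifetimeConstraintDuration)
	}
	return xml.MarshalIndent(s, "", "  ")
}

// Unbounded reports whether the key would stay in ssh-agent with no expiry:
// added at database open, not removed at close, and no lifetime constraint.
func Unbounded(s EntrySettings) bool {
	return s.AddAtDatabaseOpen && !s.RemoveAtDatabaseClose && !s.UseLifetimeConstraintWhenAdding
}

func main() {
	out, err := BuildSettings(IssueExample())
	fmt.Println(string(out), err, Unbounded(IssueExample()))
}
```

With the issue's values the key is not removed when the database closes, so the 3600-second lifetime is the only thing that bounds its exposure in the agent.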
I need to add resources in the keepass database via terraform.
To do this I created a resource "keepass_entry" that allows addition of keepass entries to this provider. This allows VMs to be provisioned by cloud-init, generating an ssh-key inside terraform and finally exporting the ssh-keys to keepass, where you can use keepassXC's feature to connect to your local ssh-agent to seamlessly use those keys for the provisioned machines.
The change is a quite large commit in a fork of your repository:
https://github.com/Eusebius1920/terraform-provider-keepass/commit/2f4bbc0e6a8fdb870f6158514bd6f1ebdf89a63e
I wanted to hear your opinion if you would be willing to accept this as a contribution to your provider? It is quite a big change to the existing code-base. If so, I would then create a Pull-Request to get that going.
The following things would need to be adjusted by me ( - I am currently using it only for myself, so I skipped these parts):
I would like to hear your thoughts about this!