Open krisdante opened 4 years ago
I see one problem with that - the private key needs to be persisted in a safe place, otherwise we risk losing it. Usually, the workspace of the CI job that runs initial provisioning is temporary and, depending on the setup, it may be wiped after each build.
This could be a part of the workflow when setting up a new project though.
This would be a perfect feature for integrating a secret storage system like Hashicorp Vault though. Something to think about...
"One of the solutions would be to generate the key elsewhere and put the key itself into settings." I rather assume that some system will first generate the key and then just pass it to AWS.
Background
Currently, the creation of the key pair is not automated. The key needs to be created by hand and its name provided in settings.
Need
It could be possible to offload this to automation. One of the solutions would be to generate the key elsewhere and put the key itself into settings. Then this key will be added to AWS.
Why?
This would allow us to generate those keys in CI when CI does not know them yet, and also allow users to provide their private (sic!) keys.