---
layout: "tls"
page_title: "TLS: tls_private_key"
sidebar_current: "docs-tls-resource-private-key"
description: |-
  Creates a PEM-encoded private key.
---

# tls\_private\_key

Generates a secure private key and encodes it as PEM. This resource is
primarily intended for easily bootstrapping throwaway development
environments.

~> **Important Security Notice** The private key generated by this resource will
be stored *unencrypted* in your Terraform state file. **Use of this resource
for production deployments is *not* recommended**. Instead, generate
a private key file outside of Terraform and distribute it securely
to the system where Terraform will be run.

This is a *logical resource*, so it contributes only to the current Terraform
state and does not create any external managed resources.

## Example Usage

```
resource "tls_private_key" "example" {
  algorithm   = "ECDSA"
  ecdsa_curve = "P384"
}
```

## Argument Reference

The following arguments are supported:

* `algorithm` - (Required) The name of the algorithm to use for
  the key. Currently-supported values are "RSA" and "ECDSA".

* `rsa_bits` - (Optional) When `algorithm` is "RSA", the size of the generated
  RSA key in bits. Defaults to 2048.

* `ecdsa_curve` - (Optional) When `algorithm` is "ECDSA", the name of the elliptic
  curve to use. May be any one of "P224", "P256", "P384" or "P521", with "P224" as the
  default.

## Attributes Reference

The following attributes are exported:

* `algorithm` - The algorithm that was selected for the key.
* `private_key_pem` - The private key data in PEM format.
* `public_key_pem` - The public key data in PEM format.
* `public_key_openssh` - The public key data in OpenSSH `authorized_keys`
  format, if the selected private key format is compatible. All RSA keys
  are supported, and ECDSA keys with curves "P256", "P384" and "P521"
  are supported. This attribute is empty if an incompatible ECDSA curve
  is selected.

## Generating a New Key

Since a private key is a logical resource that lives only in the Terraform state,
it will persist until it is explicitly destroyed by the user.

In order to force the generation of a new key within an existing state, the
private key instance can be "tainted":

```
terraform taint tls_private_key.example
```

A new key will then be generated on the next ``terraform apply``.