added private key encryption

2023-05-22 13:21:02 +02:00 · 2023-05-22 13:21:02 +02:00 · d7159bc678
parent 2386660369
commit d7159bc678
4 changed files with 22 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -4,7 +4,9 @@ Launches EC2 instance, creates private key, and saves it on the machine.

 Usage:
 ```
-terraform apply -var="instance_type=t2.nano" -var="instance_name=k3s-box" -var="instance_ami=ami-0889a44b331db0194" -var="availability_zone=us-east-1a" -var="create_ebs_block_device=false" - var="enable_ingress_http=false" -var="duckdns_domain=<duckdns_domain>" -var="duckdns_token=<duckdns_token>" -auto-approve
+terraform apply -var="instance_type=t2.nano" -var="instance_name=k3s-box" -var="instance_ami=ami-0889a44b331db0194" -var="availability_zone=us-east-1a" -var="create_ebs_block_device=false" - var="enable_ingress_http=false" -var="duckdns_domain=<duckdns_domain>" -var="duckdns_token=<duckdns_token>" -var="private_key_password=<your_password>" -auto-approve
 ```

+Or create a tfvars file.
+
 Defaults of vars are set to the ones provided in "Usage"
--- a/ec2.tf
+++ b/ec2.tf
@ -33,6 +33,14 @@ resource "aws_instance" "k3s_box" {
     ]
  }

+  provisioner "local-exec" {
+    inline = [
+      "chmod +x ./setup_scripts/encrypt_private_key.sh",
+      "./setup_scripts/encrypt_private_key.sh ${var.private_key_password} ${local_file.k3s_box_private_key.filename}"
+    ]
+  }
+
+
  tags = {
    Name = var.instance_name
  }
--- a/setup_scripts/encrypt_private_key.sh
+++ b/setup_scripts/encrypt_private_key.sh
@ -0,0 +1,6 @@
+#! /bin/bash
+
+# assuming gpg is installed
+password="$1"
+filename="$2"
+gpg --symmetric --cipher-algo AES256 --passphrase "$password" "$filename"
--- a/variables.tf
+++ b/variables.tf
@ -36,4 +36,9 @@ variable "duckdns_domain" {
 variable "duckdns_token" {
  type = string
  default = "None"
+}
+
+variable "private_key_password" {
+    type = string
+    default = "password"
 }