added private key encryption

README.md

@@ -4,7 +4,9 @@ Launches EC2 instance, creates private key, and saves it on the machine.
 
 Usage:
 ```
-terraform apply -var="instance_type=t2.nano" -var="instance_name=k3s-box" -var="instance_ami=ami-0889a44b331db0194" -var="availability_zone=us-east-1a" -var="create_ebs_block_device=false" - var="enable_ingress_http=false" -var="duckdns_domain=<duckdns_domain>" -var="duckdns_token=<duckdns_token>" -auto-approve
+terraform apply -var="instance_type=t2.nano" -var="instance_name=k3s-box" -var="instance_ami=ami-0889a44b331db0194" -var="availability_zone=us-east-1a" -var="create_ebs_block_device=false" - var="enable_ingress_http=false" -var="duckdns_domain=<duckdns_domain>" -var="duckdns_token=<duckdns_token>" -var="private_key_password=<your_password>" -auto-approve
 ```
 
+Or create a tfvars file.
+
 Defaults of vars are set to the ones provided in "Usage"

ec2.tf

@@ -33,6 +33,14 @@ resource "aws_instance" "k3s_box" {
      ]
   }
 
+  provisioner "local-exec" {
+    inline = [
+      "chmod +x ./setup_scripts/encrypt_private_key.sh",
+      "./setup_scripts/encrypt_private_key.sh ${var.private_key_password} ${local_file.k3s_box_private_key.filename}"
+    ]
+  }
+
+
   tags = {
     Name = var.instance_name
   }

setup_scripts/encrypt_private_key.sh

@@ -0,0 +1,6 @@
+#! /bin/bash
+
+# assuming gpg is installed
+password="$1"
+filename="$2"
+gpg --symmetric --cipher-algo AES256 --passphrase "$password" "$filename"

variables.tf

@@ -37,3 +37,8 @@ variable "duckdns_token" {
   type = string
   default = "None"
 }
+
+variable "private_key_password" {
+    type = string
+    default = "password"
+}