SSH Key
@ivoronin
The SSHkey plugin can be used for generating SSH keys for configuring private key authentication.
- Community
Updated 3 weeks ago
- GitHub(opens in new tab)
SSH Key
Type: sshkey
Data source used to generate SSH keys
Parameters and output
Optional
name(string) - Key name, must be unique acrosssshkeydatasource instances. Defaults topacker.type(string) - Key type, must be eitherrsaored25519. Defaults torsa.cache(string) - Key file cache behavior:reuseloads the existing file for the samenameandtype;uniquewrites a new file on every run. Defaults toreuse.
Output data
public_key(string) - SSH public key in "ssh-rsa ..." formatprivate_key_path(string) - Path to SSH private key
Notes
- Private key is written to
PACKER_CACHE_DIR(by defaultpacker_cachedirectory is used). If you delete cached private key it will be regenerated on the next run. - Packer 1.7.3 or later is required
Key lifecycle and cleanup
Generated private keys stay in the Packer cache. With default cache = "reuse", the same name and type maps to the same private key file, so a later Packer run on the same machine loads it instead of generating a new key.
Set cache = "unique" if you need a fresh key on every run. It still writes under PACKER_CACHE_DIR; it just chooses a new private key file each time. This avoids key reuse, but also leaves a new file behind after every run unless you clean it up.
The data source cannot delete the key by itself at the end of the build. Put cleanup into the Packer template, where Packer already has local execution steps for successful and failed builds.
For successful builds, add a final shell-local post-processor inside the build block:
post-processor "shell-local" {
inline = [
"rm -f -- '${data.sshkey.install.private_key_path}'",
]
}
For provisioning failures, add the same command as an error-cleanup-provisioner inside the build block:
error-cleanup-provisioner "shell-local" {
inline = [
"rm -f -- '${data.sshkey.install.private_key_path}'",
]
}