An SSH (Secure Shell) key is a cryptographic credential used in computer networks to establish secure, password-less access to remote systems. It consists of two components: a public key and a private key. The public key is stored on the remote server, while the private key is kept securely on the user's local machine. When a user attempts to log in to a remote server using SSH, the server checks the incoming public key against the authorized keys in the user's account. If a matching public key is found and the user proves possession of the corresponding private key, access is granted without requiring a password.
SSH keys are used in Terraform to authenticate to remote machines and to clone modules from Git repositories.
To authenticate to remote machines: When Terraform needs to access a remote machine, it can use an SSH key to authenticate to the machine. This ensures that only authorized users can access the machine.
To clone modules from Git repositories: Terraform can clone modules from Git repositories that are hosted on private servers. To do this, Terraform needs to use an SSH key to authenticate to the Git server.
Here are the steps on how to create an SSH key using Terraform:
Create a new Terraform file and add the following code:

    # Generate an RSA key pair to use for SSH
    resource "tls_private_key" "ssh_key" {
      algorithm = "RSA"
      rsa_bits  = 4096
    }

    output "private_key" {
      value     = tls_private_key.ssh_key.private_key_pem
      sensitive = true
    }

    output "public_key" {
      value     = tls_private_key.ssh_key.public_key_openssh
      sensitive = true
    }

The output in the terminal shows the generated public and private keys.
Save the file and run terraform init to initialize the Terraform project.
Run terraform apply to create the SSH key.
The SSH key will be stored in the Terraform state file. You can export the private key using the private_key output.
Line 2: We define a Terraform resource block for creating a TLS private key. The resource type is tls_private_key, and it's given the name ssh_key so that it can be referenced later in the code by that name.
Line 3: We specify the algorithm used to generate the private key, which is RSA in this case.
Line 4: Here, we set the number of bits for the RSA key, which is 4096 bits. Larger key sizes generally provide stronger security but can take longer to generate.
Line 7: Next, we define a block for declaring an output variable named private_key. Outputs are used to display information or make it accessible for external use.
Line 8: Then, we set the value of the private_key output to the PEM-encoded representation of the private key generated by the TLS private key resource.
Line 9: Here, we mark the private_key output as sensitive, meaning the actual value will be hidden in the console or logs when Terraform runs. This is useful for avoiding accidental exposure of sensitive information.
Line 13: Lastly, we set the value of the public_key output to the OpenSSH-formatted representation of the public key derived from the TLS private key resource.
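
Marking an output as sensitive only hides it in the console; as noted above, the key is still stored in the Terraform state file, where it sits in cleartext. The following is an added example, not part of the original article: a Python check that reports where private keys appear in a state file. The sample state is constructed in the version 4 state layout with placeholder key bodies, and the function names are hypothetical.

```python
import json
import re

# Matches PEM and OpenSSH private key headers (RSA, EC, PKCS#8, OPENSSH).
PRIVATE_KEY_HEADER = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")

# Constructed sample in the layout of a version 4 state file for the
# configuration above. The key bodies are placeholders, not real key material.
PLACEHOLDER_KEY = "-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_STATE = json.dumps({
    "version": 4,
    "outputs": {
        "private_key": {"type": "string", "sensitive": True, "value": PLACEHOLDER_KEY},
        "public_key": {"type": "string", "sensitive": True, "value": "ssh-rsa PLACEHOLDER"},
    },
    "resources": [{
        "mode": "managed", "type": "tls_private_key", "name": "ssh_key",
        "instances": [{"attributes": {
            "algorithm": "RSA", "rsa_bits": 4096,
            "private_key_pem": PLACEHOLDER_KEY,
            "public_key_openssh": "ssh-rsa PLACEHOLDER",
        }}],
    }],
})


def find_private_keys(node, path=""):
    """Return the JSON path of every string value that holds a private key."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits += find_private_keys(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            hits += find_private_keys(value, f"{path}[{index}]")
    elif isinstance(node, str) and PRIVATE_KEY_HEADER.search(node):
        hits.append(path)
    return hits


def audit_state(state_text):
    """Parse state JSON (hypothetical helper) and list cleartext key locations."""
    return find_private_keys(json.loads(state_text))


if __name__ == "__main__":
    for location in audit_state(SAMPLE_STATE):
        print("private key in state at:", location)  # path only, never the key
```

Both the sensitive output and the resource attribute are reported, so the state file and any backend that stores it need the same access controls as the private key itself.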