OPENSHIFTP-237: marking ssh pub keys as sensitive

Signed-off-by: Paul Bastide <pbastide@us.ibm.com>
IBM · Sep 26, 2024 · 38578af · 38578af
1 parent f701a2c
commit 38578af
Show file tree

Hide file tree

Showing 5 changed files with 4 additions and 17 deletions.
diff --git a/modules/1_vpc_support/0_keys/outputs.tf b/modules/1_vpc_support/0_keys/outputs.tf
@@ -1,12 +1,8 @@
 ################################################################
-# Copyright 2023 - IBM Corporation. All rights reserved
+# Copyright 2024 - IBM Corporation. All rights reserved
 # SPDX-License-Identifier: Apache-2.0
 ################################################################
 
-output "vpc_check_key" {
-  value = local.check_key
-}
-
 output "key_id" {
   value = local.key_id
 }
diff --git a/modules/1_vpc_support/0_keys/vpc_keys.tf b/modules/1_vpc_support/0_keys/vpc_keys.tf
@@ -20,7 +20,7 @@ locals {
 resource "ibm_is_ssh_key" "vpc_support_ssh_key_cond_create" {
   count          = var.skip_vpc_key ? 0 : 1
   name           = "${var.vpc_name}-keypair"
-  public_key     = local.public_key
+  public_key     = sensitive(local.public_key)
   resource_group = var.resource_group
 }
 

diff --git a/modules/1_vpc_support/outputs.tf b/modules/1_vpc_support/outputs.tf
@@ -1,12 +1,8 @@
 ################################################################
-# Copyright 2023 - IBM Corporation. All rights reserved
+# Copyright 2024 - IBM Corporation. All rights reserved
 # SPDX-License-Identifier: Apache-2.0
 ################################################################
 
-output "vpc_check_key" {
-  value = module.keys.vpc_check_key
-}
-
 output "vpc_support_server_ip" {
   value = module.vsi.vpc_support_server_ip
 }

diff --git a/modules/2_pvs_prepare/keys/keys.tf b/modules/2_pvs_prepare/keys/keys.tf
@@ -7,5 +7,5 @@
 resource "ibm_pi_key" "key" {
   pi_cloud_instance_id = var.powervs_service_instance_id
   pi_key_name          = "${var.name_prefix}-keypair"
-  pi_ssh_key           = file(var.public_key_file)
+  pi_ssh_key           = sensitive(file(var.public_key_file))
 }
diff --git a/outputs.tf b/outputs.tf
@@ -16,11 +16,6 @@ output "vpc_support_server_ip" {
   value       = module.vpc_support.vpc_support_server_ip
 }
 
-output "vpc_check_key" {
-  description = "The VPC SSH Key that was added/checked against existing keys"
-  value       = module.vpc_support.vpc_check_key
-}
-
 output "transit_gateway_name" {
   description = "The name of the Transit Gateway"
   value       = module.vpc_support.transit_gateway_name