
Public key

The public key is used to encrypt the AWS credentials that are generated by the admin pipeline. This section shows how the key pair is generated and how the public key is then passed to the terraform pipeline so that the credentials are encrypted with it.

Generating the key-pair

  1. Check whether gpg is installed on your system
    $ gpg --version
    
  2. If the command prints a version, gpg is installed.
  3. Run the below command to generate the full key pair
    $ gpg --full-gen-key
    
  4. You will be offered several options to configure (key type, size, expiry, user ID). For more information, see New GPG key.
  5. In the last step you will be prompted for a passphrase that protects the private key. Keep the passphrase secure.
  6. Once the keys are generated you can see the keys via the command
    # public key
    $ gpg --list-public-keys
    
    # secret key
    $ gpg --list-secret-keys
    
  7. To write the keys to files (use the <EMAIL> you entered when generating the keys)
    # write the ASCII-armored public key to public.pgp
    $ gpg --output public.pgp --armor --export <EMAIL>
    
    # write the ASCII-armored secret key to private.pgp (you will be prompted for the passphrase)
    $ gpg --output private.pgp --armor --export-secret-key <EMAIL>
    

Using public key to encrypt AWS credentials

  1. We will use the public key generated above to encrypt the AWS credentials.
  2. The public key must be base64-encoded and then passed to terraform. The terraform AWS provider takes the public key and encrypts the generated credentials with it.
  3. To produce the base64 encoding, run the command below (the key is exported in binary form, encoded, and the line breaks are stripped)
    gpg --export <EMAIL> | base64 | tr -d '\n' ; echo 
    
  4. Pass the above output as the variable public_key in Step-1.
  5. The key is already stored there, so it normally does not need to be replaced.
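As an added example (not part of this page or of the pipeline's own code), the script below runs the key flow end to end in a throwaway keyring: it produces the base64 blob with the same command as step 3, checks that the blob decodes to a public key before it is pasted into public_key, encrypts a constructed sample secret the way the provider does (modelled here, not provider code), and decrypts it with the private key. It assumes gpg is installed; the e-mail address and the sample secret are constructed.

```shell
#!/bin/sh
# Added example: exercise the public-key flow offline in isolated keyrings.
# Assumptions: gpg is installed; EMAIL and SAMPLE_SECRET are constructed values.
set -eu

export GNUPGHOME="$(mktemp -d)"          # isolated keyring, the real one is untouched
chmod 700 "$GNUPGHOME"
EMAIL="pipeline-admin@example.invalid"   # constructed, stands in for <EMAIL>

# Unattended stand-in for `gpg --full-gen-key` (empty passphrase, demo only).
gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
    --quick-gen-key "$EMAIL" default default 0 2>/dev/null

# Same command as the page: binary export, base64, newlines stripped.
# This string is what goes into the public_key variable.
pub_b64="$(gpg --export "$EMAIL" | base64 | tr -d '\n')"

# Check before pasting: the blob must decode to a public key packet and must
# not contain a secret key packet (the private key never leaves the admin).
check_public_key() {
    decoded="$(printf '%s' "$1" | base64 -d | gpg --list-packets 2>/dev/null)"
    printf '%s\n' "$decoded" | grep -q ':public key packet:' &&
        ! printf '%s\n' "$decoded" | grep -q ':secret key packet:'
}

# Model of the provider side: it holds only the base64 public key, imports it
# into an empty keyring, encrypts the secret to it and base64-encodes the result.
encrypt_like_provider() {
    enc_home="$(mktemp -d)"; chmod 700 "$enc_home"
    printf '%s' "$1" | base64 -d | GNUPGHOME="$enc_home" gpg --batch --quiet --import 2>/dev/null
    printf '%s' "$2" | GNUPGHOME="$enc_home" gpg --batch --quiet --trust-model always \
        --encrypt --recipient "$EMAIL" | base64 | tr -d '\n'
}

# Holder of the private key recovers the plaintext from the base64 blob.
decrypt_secret() {
    printf '%s' "$1" | base64 -d | gpg --batch --quiet --decrypt 2>/dev/null
}

SAMPLE_SECRET="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"   # constructed, not a real key
ciphertext_b64="$(encrypt_like_provider "$pub_b64" "$SAMPLE_SECRET")"
recovered="$(decrypt_secret "$ciphertext_b64")"
echo "public key check: $(check_public_key "$pub_b64" && echo ok || echo FAILED)"
echo "round trip:       $([ "$recovered" = "$SAMPLE_SECRET" ] && echo ok || echo FAILED)"
```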
