I manage GCP infrastructure with Terraform, and one area I can’t quite figure out is the inclusion of a specific SSL certificate that I need to upload to the machine.
As a temporary workaround I just include the cert & key in the startup script in plain text, but this isn’t scalable or secure, plus it’s shown in plain text within the GCP console for custom metadata for that host.
What is the best way to do this? I had thought about adding some SCP and pulling the cert from another box in a more secure way, but that seems like a clunky way to do it.
I have also been looking at whether there is a Vault use case for this too, to pull the file once the machine is running, but when I look at SSL/PKI related stuff for Vault it seems to be for more complex use cases.
Thanks in advance for any advice!