Permission denied (publickey) while calling modules from another repository

Terraform
1

I am trying to call modules in terraform from a different repository inside the workflow but it fails with the error below:

Call from main.tf:

module “vpc” {
source = “git@github.com:org/repo.git//terraform/modules/vpc”
image_name = var.image_name
workspace = var.env
vpc_cidr_block = var.db_vpc_cidr_block
subnet_cidr_block = var.db_subnet_cidr_block
subnet2_cidr_block = var.db_subnet2_cidr_block
subnet_availability_zone = var.db_subnet_availability_zone
subnet2_availability_zone = var.db_subnet2_availability_zone
}

Failure error while running terraform init:

Error: Failed to download module

Could not download module “api-gateway” (main.tf:132) source code from
“git::ssh://git@github.com/org/repo.git”: error downloading
‘ssh://git@github.com/org/repo.git’: /usr/bin/git exited
with 128: Cloning into ‘.terraform/modules/api-gateway’…
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.

when i tried to replace the ssh with https, I get the error for username

module “vpc” {
source = “git::https://github.com/org/repo.git//terraform/modules/vpc
image_name = var.image_name
workspace = var.env
vpc_cidr_block = var.db_vpc_cidr_block
subnet_cidr_block = var.db_subnet_cidr_block
subnet2_cidr_block = var.db_subnet2_cidr_block
subnet_availability_zone = var.db_subnet_availability_zone
subnet2_availability_zone = var.db_subnet2_availability_zone
}

3

Hi @ankit-ghub,

This message is coming from Git rather than from Terraform, so it will probably be easier to debug it while running Git directly rather than with Terraform running Git itself.

Do you see the same problem if you clone this repository directly using Git?

git clone ssh://git@github.com/org/repo.git

Technically the message is actually coming from SSH which Git is running, so there’s even one more level of indirection here. It might be informative to try using SSH directly to see if even that fails:

ssh git@github.com

If this works then GitHub’s SSH server should tell you your GitHub username and then terminate the connection. If it doesn’t work then that suggests that you don’t have your SSH key registered.

If you see an interactive prompt for your GitHub password from either of these commands then I think that’s the problem: Terraform expects run run Git in a non-interactive way and so you will need to set up SSH key authentication to be able to fetch Terraform modules from GitHub.

4

Hi @apparentlymart ,

when I try to clone the repo in my local then it works completely fine, it is the CI that fails while downloading the modules in terraform init

5

Hi @ankit-ghub,

For this to work I think you will need to either set up your workflow to configure some Git credentials before running Terraform, or if you are using a CI system that allows you to customize the execution environment then arrange for it to already have Git credentials available before taking any other actions.

Unfortunately the details of how to achieve that would depend on which CI system you are using and are not directly in scope for Terraform. Terraform is internally just running git clone and relying on Git to already have been correctly configured.

If you can name the CI system you are using then others in the forum might be familiar with it and be able to describe how to set up Git authentication in that system.