PrivateKey Format in Terraform Cloud

I am using the OCI provider and Terraform Cloud. OCI requires a private_key_path or private_key.
I would like to store the key as a sensitive variable in Terraform Cloud Environment Variables or regular Variables. However, I keep getting invalid format as an error. I remove all new lines and I still get it.
It does work if I assign a path to the folder with it but then I am storing the key in GitHub.
What format of pem key does Terraform Cloud take as just plain text (and then mark sensitive) or if there is a better way to store the key?

I’m getting the same error. Did you find the solution or any workaround for that?

I honestly haven’t used Terraform cloud much except as a module repository. So I have not tested this in a long time.

Finally I’ve found the solution for this issue. I’ve followed this doc from GitLab.

So all you have to do is echo the key to the file stripping \r from the variable:

echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -

But this makes the output hidden because of sensitive variable $SSH_PRIVATE_KEY, so I’ve added step to output variable to a file and then strip the \r in the file:

main.tf

resource "local_file" "deploy_ssh_key" {
  filename = "/tmp/id_rsa"
  content  = var.deploy_ssh_private_key
  file_permission = 600
}

And then I call the script with local-exec. In the script I use:

tr -d '\r' < /tmp/id_rsa > ~/id_rsa
chmod 0600 ~/id_rsa
1 Like

Not a fun workaround but I’m saving this for now. Great job figuring that out.

Hi there, any other solution to this?