0

Does anyone know how to pass an RSA private key through the deployment configuration file below to a Google Compute Engine (GCE) virtual machine? The reason I am doing this is because the software installed in my GCE virtual machine needs to SSH into some other virtual machines in which the corresponding RSA public key has already been installed.

resources:
- name: gml
  type: gml.py
  properties:
    zones:
    - us-east1-b
    - europe-west1-b
    - asia-east1-a
    machineType: n1-standard-2
    nodesPerZone: 5
    diskSize: 10
    privKey: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIEowIBAAKCAQEAmjMePciwIBJYSWTE9CTF0o1xQt3sbIGrJO3HKTseR4Bs+zqI
      HehgkWMCnXMnJeE+7YpF4JI1gXEIhaGH+9GkN3/Zxu8VMC5zHwXChg3b/Ew1Ws7c
      PjIi+YKpyRg70v623UqGBMb58hPTCEAF91Q00zT95dxGUWBus9rovpZdgT0flp/8
      X134qGp3bzvgZ1P0BGW6ZcLkmtPFgv6E/jDmV36eNzOEMmyhq7HvEcDaMMyT5PuD
      i2HAGNE1u8rgFuIVgipN5SEZ5GcFGZF9boMXObr7JkeCvgt7masTUNVw2Ii5JxNB
      GVFzpLNVxHeo7YBqhz5/8aaLdNY58LIbioRm3wIDAQABAoIBAHYxnIqLG8VZiman
      YPgqf5+GXzx70s7RDZf+0lvePrVb0S04jkEub2bBV63MKEO2xX9aL3mVWIHhXEDh
      sdPpu0/3JbyAYeNOl1s+FP6f/PEEkRkL2nGqCHjsGKxVcPWn3A7/In7i7Y8KdwWp
      .....
      .....
      -----END RSA PRIVATE KEY-----

Gilbert L
  • 31
  • 5

1 Answer

0

I think the only way to place a file would be with a startup script. Something like:

metadata:
- key: startup-script
  value: |
    #!/usr/bin/env bash
    # create the file if it does not exist
    ...

or

metadata:
- key: startup-script-url
  value: gs://my-secret-bucket/set-key.sh

Personally, I prefer the latter. If you need to update the script for some reason, it will not require updating the deployment, and the key would not be visible in the cloud console.

In either case you should gauge for yourself where you want your private key to be visible.

drbayer
  • 191
  • 3
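
The "create file if not exist" step from the answer above, as an added example that is not part of the original answer: a helper for the startup script that reads the key from stdin and installs it with owner-only permissions. The destination path and the bucket object name in the usage comment are assumptions.

```shell
#!/usr/bin/env bash
# Added example: startup-script helper that installs an SSH private key read
# from stdin. The paths and object name in the usage line are assumptions.

# install_key DEST
#   Reads key material from stdin and writes it to DEST with mode 0600.
#   Keeps an existing DEST untouched (startup scripts run on every boot).
install_key() (
  dest=$1
  dir=$(dirname "$dest")

  umask 077                       # nothing created below is group/world readable
  mkdir -p "$dir" && chmod 700 "$dir" || return 1

  if [ -e "$dest" ]; then
    chmod 600 "$dest"             # re-assert permissions, keep the existing key
    return 0
  fi

  # Write to a temp file in the same directory, then rename, so a
  # partially written key is never visible at DEST.
  tmp=$(mktemp "$dir/.key.XXXXXX") || return 1
  cat > "$tmp"

  # Refuse empty or non-PEM input, e.g. an error message from a failed fetch.
  if ! head -n 1 "$tmp" | grep -q '^-----BEGIN .*PRIVATE KEY-----$'; then
    echo "install_key: input is not a PEM private key" >&2
    rm -f "$tmp"
    return 2
  fi

  chmod 600 "$tmp" && mv -f "$tmp" "$dest"
)

# Usage inside the startup script (object name is hypothetical):
#   gsutil cat gs://my-secret-bucket/id_rsa | install_key /root/.ssh/id_rsa
```

Piping the key in keeps it out of the deployment file and instance metadata, and the VM's service account then needs read access to that bucket only.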