Support x509/DER/SHA256 public key fingerprint #202

alanraison · 2022-05-04T21:29:13Z

Terraform CLI and Provider Versions

Terraform v1.1.9
on darwin_arm64

Use Cases or Problem Statement

When trying to configure an OIDC provider, I needed a particular checksum to be supported; namely the SHA256 hash of the DER-formatted public key.

Proposal

I propose that a new attribute, public_key_fingerprint_x509_sha256 is added to the tls_private_key resource and the tls_public_key data source.

The hash algorithm seems to use standard encryption methods and Go libraries and hence seems to align with the design guidelines. However, it may cause property bloat to the tls_private_key resource and tls_public_key data source.

How much impact is this issue causing?

Medium

Additional Information

I have proposed the change in this provider, rather than writing a separate one, as it already has access to the key material (and indeed uses the x509 package already).

Code of Conduct

I agree to follow this project's Code of Conduct

The text was updated successfully, but these errors were encountered:

alanraison added the enhancement label May 4, 2022

alanraison linked a pull request May 4, 2022 that will close this issue

public_key_fingerprint_x509_sha256 #203

Open

detro added the tf-devex-triage label May 16, 2022

bookshelfdave assigned detro Jun 13, 2022

bflad unassigned detro Aug 1, 2022

bookshelfdave removed the tf-devex-triage label Aug 5, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support x509/DER/SHA256 public key fingerprint #202

Support x509/DER/SHA256 public key fingerprint #202

alanraison commented May 4, 2022

Support x509/DER/SHA256 public key fingerprint #202

Support x509/DER/SHA256 public key fingerprint #202

Comments

alanraison commented May 4, 2022

Terraform CLI and Provider Versions

Use Cases or Problem Statement

Proposal

How much impact is this issue causing?

Additional Information

Code of Conduct