Terraform provider fails with "key is not in PEM format" but snowsql works perfectly with same key #2646

Closed
carmas opened this issue Mar 23, 2024 · 4 comments
Labels
general-usage General help/usage questions

carmas commented Mar 23, 2024

Terraform CLI and Provider Versions

Terraform v1.7.5
on darwin_arm64

  • provider registry.terraform.io/snowflake-labs/snowflake v0.87.3-pre

Terraform Configuration

provider "snowflake" {
  authenticator = "JWT"
  user = "ME"
  account = "sssssss"
  private_key = "~/.ssh/snowflake_carmas.p8"
  private_key_passphrase = "xxxxxx"
}

terraform {
  required_version = "> 1.7.4"
}

Expected Behavior

terraform plan
........

Actual Behavior

terraform plan
....
Error: could not retrieve private key: could not parse private key, key is not in PEM format

│ with provider["registry.terraform.io/snowflake-labs/snowflake"],
│ on provider.tf line 1, in provider "snowflake":
│ 1: provider "snowflake" {

Steps to Reproduce

https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs#example-provider-configuration

  • Followed the instructions, tested the encrypted key with SnowSQL (snowsql CLI)

How much impact is this issue causing?

High

Logs

No response

Additional Information

https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs#example-provider-configuration

snowsql CLI works with the encrypted keys

@carmas carmas added the bug Used to mark issues with provider's incorrect behavior label Mar 23, 2024
carmas commented Mar 23, 2024

  • the key + passphrase work with snowsql
  • the key generation was done as recommended:

$ openssl genrsa -out snowflake_carmas 4096
$ openssl rsa -in snowflake_carmas -pubout -out snowflake_carmas.pub
$ openssl pkcs8 -topk8 -inform pem -in snowflake_carmas -outform PEM -v2 aes-256-cbc -out snowflake_carmas.p8

carmas commented Mar 23, 2024

2024-03-23T00:22:33.524-0700 [ERROR] provider.terraform-provider-snowflake_v0.87.3-pre: Response contains error diagnostic: @caller=github.com/hashicorp/terraform-plugin-go@v0.20.0/tfprotov6/internal/diag/diagnostics.go:62 @module=sdk.proto diagnostic_detail="" tf_req_id=1cf7bab5-f93c-739c-9b0a-4b73b7769586 tf_rpc=ConfigureProvider diagnostic_severity=ERROR diagnostic_summary="could not retrieve private key: could not parse private key, key is not in PEM format" tf_proto_version=6.4 tf_provider_addr=registry.terraform.io/Snowflake-Labs/snowflake timestamp=2024-03-23T00:22:33.524-0700
2024-03-23T00:22:33.524-0700 [ERROR] vertex "provider["registry.terraform.io/snowflake-labs/snowflake"]" error: could not retrieve private key: could not parse private key, key is not in PEM format
2024-03-23T00:22:33.525-0700 [INFO] backend/local: refresh calling Refresh

@sfc-gh-asawicki sfc-gh-asawicki added general-usage General help/usage questions and removed bug Used to mark issues with provider's incorrect behavior labels Mar 25, 2024
@sfc-gh-asawicki
Collaborator

Hey @carmas. Thanks for reaching out to us.

private_key is not expecting the path to the key but the key itself. You have the deprecated private_key_path but we recommended using private_key with file Function instead.

carmas commented Mar 25, 2024

@sfc-gh-asawicki thank you!
Indeed, the use of file() solved the problem for us, appreciate the help!
thanks again!
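
Why the path string was rejected, shown as an added example that is not the provider's own code: Go's `encoding/pem` finds no PEM armor in a path, while the contents of the `.p8` file begin with a PEM header. `classifyKeyInput`, `KeyInputKind` and the `Kind…` constants are hypothetical names, the path heuristic is an assumption, and the PEM body is a constructed placeholder rather than a key.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"strings"
)

// KeyInputKind and classifyKeyInput are hypothetical names for this example.
type KeyInputKind string

const (
	KindEncryptedPKCS8 KeyInputKind = "encrypted PKCS#8 PEM (needs private_key_passphrase)"
	KindPlainPKCS8     KeyInputKind = "unencrypted PKCS#8 PEM"
	KindOtherPEM       KeyInputKind = "PEM, but not a PKCS#8 private key"
	KindLooksLikePath  KeyInputKind = "not PEM: looks like a file path"
	KindNotPEM         KeyInputKind = "not PEM"
)

// Constructed sample: real armor lines around a placeholder body, not a key.
const samplePEM = "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" +
	"Q09OU1RSVUNURUQ=\n" +
	"-----END ENCRYPTED PRIVATE KEY-----\n"

// classifyKeyInput reports what a private_key value holds, using only the PEM armor label.
func classifyKeyInput(value string) KeyInputKind {
	block, _ := pem.Decode([]byte(value))
	if block == nil {
		v := strings.TrimSpace(value)
		// Heuristic (assumption): a single line starting with ~, / or . is a path.
		if v != "" && !strings.Contains(v, "\n") && strings.ContainsAny(v[:1], "~/.") {
			return KindLooksLikePath
		}
		return KindNotPEM
	}
	switch block.Type {
	case "ENCRYPTED PRIVATE KEY":
		return KindEncryptedPKCS8
	case "PRIVATE KEY":
		return KindPlainPKCS8
	}
	return KindOtherPEM
}

func main() {
	for _, v := range []string{"~/.ssh/snowflake_carmas.p8", samplePEM} {
		fmt.Printf("%.26q -> %s\n", v, classifyKeyInput(v))
	}
}
```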
