Hi DigitalOcean Team,
I'm migrating some servers from AWS to DigitalOcean. The servers are deployed with Terraform. The Terraform configs create separately-named SSH key objects for each server. These keys are duplicates. Unfortunately, the DigitalOcean API is returning:
"Error creating SSH Key: POST https://api.digitalocean.com/v2/account/keys: 422 SSH Key is already in use on your account"
Is there any need for this restriction?
I can think of several workarounds, but all have drawbacks:
- Create keys manually and assign them by name. This is unsafe since names are not keys.
- Create keys manually and assign them by ID. This is error-prone. Manual copy/paste procedures have no place in production infrastructure.
- Create a single instance of each key via one Terraform config and import the key IDs to the other configs. This requires complicated Terraform state imports. There may be security implications.
Ideally, DigitalOcean would change the API. Either of these changes would be ok:
- Allow creating duplicate keys.
- Add a data.digitalocean_ssh_key.public_key attribute and make it work with only that attribute. Then I could manually create the key through the web interface and reference the key by public key (not name or ID) in any Terraform config.
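
An added example, not part of the original post or DigitalOcean's documentation: one way to reduce the "names are not keys" risk of the first workaround is to look the key up by name and have Terraform fail unless the returned public key matches the one the config expects. The key name `deploy`, the variable `expected_public_key`, and the droplet settings are assumptions made for illustration.

```hcl
terraform {
  required_version = ">= 1.2.0" # postcondition blocks need Terraform 1.2 or later
  required_providers {
    digitalocean = {
      source = "digitalocean/digitalocean"
    }
  }
}

# Assumption: each config is given the OpenSSH public key line it expects.
variable "expected_public_key" {
  type        = string
  description = "OpenSSH public key line that the named account key must match"
}

locals {
  # Compare only "<type> <base64 blob>"; the trailing comment is not key material.
  expected_key_material = join(" ", slice(split(" ", trimspace(var.expected_public_key)), 0, 2))
}

# Hypothetical key named "deploy", created once outside this config.
data "digitalocean_ssh_key" "deploy" {
  name = "deploy"

  lifecycle {
    postcondition {
      # Fails the plan if someone replaced the key stored under this name.
      condition     = join(" ", slice(split(" ", trimspace(self.public_key)), 0, 2)) == local.expected_key_material
      error_message = "The account key named \"deploy\" does not hold the expected public key."
    }
  }
}

# Constructed sample droplet; the key is referenced only after the check above passes.
resource "digitalocean_droplet" "server" {
  name     = "example-server"
  region   = "nyc3"
  size     = "s-1vcpu-1gb"
  image    = "ubuntu-22-04-x64"
  ssh_keys = [data.digitalocean_ssh_key.deploy.id]
}
```

The lookup is still by name, so this does not provide the requested public-key lookup; it only turns a silent name/key mismatch into a failed plan.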