How to use terraform script to create IAM user with gpg key?

Question

Per the doc https://registry.terraform.io/providers/hashicorp/aws/3.24.0/docs/resources/iam_user_login_profile, it requires a base-64 encoded PGP public key. I use gpg command created the key.

gpg --gen-key

pub rsa3072 2023-07-14 [SC] [expires: 2025-07-13]

  6AE78F61DB1####################3C81356FBB

I got errors when I ran terraform apply.

"Error: creating IAM User Login Profile for "frontend": encrypting Password: parsing given PGP key: openpgp: invalid data: tag byte does not have MSB set".

I did research. It says the gpg command auto creates the MSB set. No clue what the root cause is. As follows is the terraform code.

module "iam_user" {
  source  = "terraform-aws-modules/iam/aws//modules/iam-user"
  name = "frontend"
  create_user                   = true
  create_iam_user_login_profile = true
  create_iam_access_key         = true
  force_destroy                 = false
  password_length               = 20
  password_reset_required       = true
  #base-64 encoded PGP public key
  pgp_key                       = "6AE78F61DB1####################3C81356FBB"
}

Answer 1

This might be happening because you're exporting the key in ASCII format, then base64-encoding it. You should be exporting the key in binary format, then base64-encoding it, i.e. rather than:

gpg --export -a "YOUR USER_NAME" | base64

do this:

gpg --export "YOUR USER_NAME" | base64

It will work.