phala_ssh_key manages SSH public keys at the account level in Phala Cloud. These keys can be referenced or injected into CVM deployments for SSH access.
Example Usage
Required Attributes
| Attribute | Type | Description |
|---|---|---|
name | String | Display name for the SSH key. Immutable — changing forces replacement. |
public_key | String | SSH public key content (e.g. the contents of ~/.ssh/id_ed25519.pub). Immutable — changing forces replacement. |
Read-Only (Computed) Attributes
| Attribute | Type | Description |
|---|---|---|
id | String | SSH key identifier assigned by the API. |
fingerprint | String | Computed key fingerprint. |
key_type | String | Key type (e.g. ssh-ed25519, ssh-rsa). |
created_at | String | Creation timestamp. |
updated_at | String | Last update timestamp. |
source | String | Key source metadata reported by the API. |
Behavior
Immutable Fields
Bothname and public_key are immutable. If you change either one, Terraform destroys the old key and creates a new one. This mirrors the DigitalOcean SSH key pattern where keys are treated as immutable identities.
SSH Keys vs. ssh_authorized_keys
There are two ways to get SSH access into a CVM:phala_ssh_keyresource — manages account-level keys in the Phala Cloud API. These persist across deployments.ssh_authorized_keysonphala_app— injects keys directly into a specific deployment at launch time. These are per-deployment and force-new.
ssh_authorized_keys attribute on phala_app accepts raw public key strings, not references to phala_ssh_key resources.
API Backing
The resource uses these Phala Cloud API endpoints:POST /user/ssh-keys— createGET /user/ssh-keys— readDELETE /user/ssh-keys/{id}— delete
Related
- phala_app Resource — deploying apps with SSH access
- Examples — SSH access patterns