Feature Request: Enhancing SSHKeyPair Generation with Customizable Algorithms and Options

[mrchypark]

First of all, I would like to extend my deepest gratitude and respect for your incredible work on the mittwald/kubernetes-secret-generator project. Your efforts have significantly contributed to the Kubernetes community, making secret management more secure and convenient.

Is your feature request related to a problem? Please describe.

Yes, the current limitation is the lack of customization in the SSHKeyPair generation within the mittwald/kubernetes-secret-generator project. The inability to specify a preferred encryption algorithm and key options restricts users who have specific security, compliance, or performance requirements. This limitation can be frustrating for users who need to adhere to strict security policies or who wish to optimize their SSH keys for specific environments.

Describe the solution you'd like
A clear and concise description of what you want to happen.

I would like the project to include a feature that allows users to customize the SSHKeyPair generation process. Specifically, the ability to choose the encryption algorithm (e.g., RSA, ECDSA, Ed25519) and set relevant options like key size. This feature would empower users to generate keys that meet their specific security and performance requirements, ensuring compliance with various standards and enhancing the overall utility of the tool.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

An alternative could be to use external tools to generate SSH keys according to the desired specifications and then manually integrate them into the Kubernetes environment. However, this approach is less efficient and could lead to inconsistencies or errors in key management.

Additional context
Add any other context or screenshots about the feature request here.

Adding this feature would align the project with best practices in security and infrastructure management, catering to a broader range of user needs and compliance requirements.

[martin-helmich]

Hey @mrchypark! 👋 Thanks for your kind feedback -- that means a lot. 🙂

I would like the project to include a feature that allows users to customize the SSHKeyPair generation process. Specifically, the ability to choose the encryption algorithm (e.g., RSA, ECDSA, Ed25519) and set relevant options like key size.

That definitely makes sense! I think that this might be implemented by adding a few options to the SSHKeyPair custom resource (btw., it already has a length attribute for controlling the key size) -- however, support for different key algorithms might necessitate some refactoring in the secrets package of this operator, since that is relatively tightly coupled to crypto/rsa.

Lately, we haven't been able to give this project as much attention as it deserves and I cannot make any promises as to when we'd get around to adding this; in the meantime, I'll label this issue as help-wanded and will gladly accept pull requests. 🙂