There were extensive conversations in #4764 about how to handle the default value of ssh_public_keys in instance create. The behavior implemented in #4764 is that during instance create if a user doesn't provide a value for ssh_public_keys then all their keys are transferred over (like the previous behavior). If they do provide a vec of keys, only those keys are transferred. If they provide an empty vec no keys are transferred.
There are many things to consider here. The security implications of implicitly transferring keys when that may not be the intended behavior, the user experience of requiring this field vs having it optional, the expected default behavior customers have for this functionality, etc.
We need to do some product discovery on what the proper solution is here and implement that for the next release.
Please see this thread for more context: #4764 (comment)
There were extensive conversations in #4764 about how to handle the default value of
ssh_public_keysin instance create. The behavior implemented in #4764 is that during instance create if a user doesn't provide a value forssh_public_keysthen all their keys are transferred over (like the previous behavior). If they do provide a vec of keys, only those keys are transferred. If they provide an empty vec no keys are transferred.There are many things to consider here. The security implications of implicitly transferring keys when that may not be the intended behavior, the user experience of requiring this field vs having it optional, the expected default behavior customers have for this functionality, etc.
We need to do some product discovery on what the proper solution is here and implement that for the next release.
Please see this thread for more context: #4764 (comment)