openshift-docs/modules/virt-enabling-dynamic-key-injection-cli.adoc

// Module included in the following assemblies:
//
// * virt/virtual_machines/virt-accessing-vm-ssh.adoc

:_mod-docs-content-type: PROCEDURE
[id="virt-enabling-dynamic-key-injection-cli_{context}"]
= Enabling dynamic key injection by using the CLI

[role="_abstract"]
You can enable dynamic key injection for a virtual machine (VM) by using the command line. Then, you can update the public SSH key at runtime.

[NOTE]
====
Only {op-system-base-full} 9 supports dynamic key injection.
====

The key is added to the VM by the QEMU guest agent, which is installed automatically with {op-system-base} 9.

.Prerequisites

* You generated an SSH key pair by running the `ssh-keygen` command.
* You have installed the {oc-first}.

.Procedure

. Create a manifest file for a `VirtualMachine` object and a `Secret` object.
+
Example manifest:
+
[source,yaml]
----
include::snippets/virt-dynamic-key.yaml[]
----
<1> Specify the `cloudInitNoCloud` data source.
<2> Specify the `Secret` object name.
<3> Paste the public SSH key.

. Create the `VirtualMachine` and `Secret` objects by running the following command:
+
[source,terminal]
----
$ oc create -f <manifest_file>.yaml
----

. Start the VM by running the following command:
+
[source,terminal]
----
$ virtctl start vm example-vm -n example-namespace
---- 

.Verification
* Get the VM configuration:
+
[source,terminal]
----
$ oc describe vm example-vm -n example-namespace
----
+
Example output:
+
[source,yaml]
----
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: example-vm
  namespace: example-namespace
spec:
  template:
    spec:
      accessCredentials:
        - sshPublicKey:
            propagationMethod:
              qemuGuestAgent:
                users: ["cloud-user"]
            source:
              secret:
                secretName: authorized-keys
# ...
----