Support the use of a personal GitHub access token

[mdb]

Thanks for your hard work on terraform-resource!

In current implementation, terraform-resource supports the use of a private_keyas "An SSH key used to fetch modules."

However, in many scenarios, a personal access token is arguably preferable, as it is the GitHub-recommended way to clone and does not require strict host key checking to be disabled.

Is it an option to consider supporting fetching modules with personal access tokens?

Thanks!

[ljfranklin]

@mdb thanks for bringing this up. Not verifying the host keys does open up a potential man-in-the-middle vulnerability. I'd be happy to accept a PR that allows the resource to use access tokens to authenticate against HTTPS endpoints. Alternatively, the resource could accept a list of trusted SSH host keys. Looks like Github publishes their SSH host keys. That said I think I agree with you that access tokens seem a bit more robust.

[mdb]

@ljfranklin Thanks for the response! Your suggestion that the resource could accept a list of trusted SSH host keys is an interesting thought. However, I don't believe that solution addresses my concern in scenarios where modules are fetched from non-github.aaakk.us.kg sources where trusted host keys are less easy to obtain, such as a GitHub enterprise instance or a non-GitHub git server.

I can try and carve out some time to create a pull request but if you or any other users are inspired to take a stab, please don't feel compelled to wait for my pull request.

Thanks again!