Terraform: unable to use pgp key with aws_iam_access_key

Hi Guys,

I am trying to make use of the new feature in Terraform 0.8.0.
https://github.com/hashicorp/terraform/pull/10615

The PGP key here is just a test key so there is no issue with it being compromised.

`
variable aws_region {}

provider "aws" {
region = "${var.aws_region}"
}

resource "aws_iam_user" "ecr_user" {
name = "ecr_user"
force_destroy = true
}

resource "aws_iam_access_key" "ecr_user" {
user = "${aws_iam_user.ecr_user.name}"
pgp_key = "LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tDQpWZXJzaW9uOiBLZXliYXNlIE9wZW5QR1AgdjEuMC4wDQpDb21tZW50OiBodHRwczovL2tleWJhc2UuaW8vY3J5cHRvDQoNCnhtOEVXRmZVQ1JNRks0RUVBQ0lEQXdUbERnenlmYzNvSlAzV0lPcTFTaTRsUUpUNW9lUEszVEdqeGZHQU5KRVQNCjhFSkt2Y3g5MkMxUGFlTEVieEJhT2Q0S0xRWThkdFFYOHVNRndqTm95bUpDaE1KMmJGdTZGS3F2aG1FVUNRUWUNCnkrK2dVYWpRWFlRcTFVYmVNNjdyVmNyTkxYSmhibVI1SUdOdlluVnliaUE4Y21GdVpIa3VZMjlpZFhKdVFHNWwNCmQzWnZhV05sYldWa2FXRXVZMjl0UHNLUEJCTVRDZ0FYQlFKWVY5UUpBaHN2QXdzSkJ3TVZDZ2dDSGdFQ0Y0QUENCkNna1FrMER6MHZZYmc2dWZ0UUYvUW4vemoway9WOVdLY051aThWT3hlTFZpcWFxN1lGYXZ4NGhNRmp1S1BFRjMNCnM0SGd5NnJmV2FrNWlRbXd1Rkt6QVg5WFo1VEVZZmkyWlFsekIrSlRNOU1nTVJMSUpEWFdtL0xLZ3JWWUh3by8NCjZjZ3k5WFE2YTlQMk1QYkwvc05yc2dET1VnUllWOVFKRXdncWhrak9QUU1CQndJREJNMVlBNGt2b1BNRWttK2YNCkRCVlNyNE1Ybkgvd3JzdjZCc3FESXNSUW8ySjlzTVYyWEp2YzMxMndLdXc3KzlkR2xzS3VZR0Y2NzRLN3l3NGgNCi84NHhoRmJDd0NjRUdCTUtBQThGQWxoWDFBa0ZDUThKbkFBQ0d5NEFhZ2tRazBEejB2WWJnNnRmSUFRWkV3b0ENCkJnVUNXRmZVQ1FBS0NSRFN4cklOZ29nelM3UVFBUURZa0t5bEVMeU1wR2N2cFdOL0w4aUpjajd1c0dtK0NVQjMNCjBQOEhnVHJMSUFEL1MrRkpEM0lyN1NhSjJiMUFGWU1IOVgwZ2UweFhBM1dLQ1F0OEVMcjE1bFQ5cUFHQWh3SHkNCkowMFczUmkzRXVpZnFWQjJucHNPdVVNb3N6OHZzYXFoa1BDaXZ3bHpmKzBiZjUyaXRUL3lhTk9hN1ZnOEFZQ3ENCm13QVducFB3bnFaYnIzemx2RVBmVXZTYWJHc0RUQUZjQldmVGNFdUczSUIyU2dRbUFqdDFOZkdwQTN5Q3M4dk8NClVnUllWOVFKRXdncWhrak9QUU1CQndJREJDQ25Nc05HN05XSFQ2bTBlQ3lMLzEraDJVUE9mdWRoWittOGhqOFUNCkdCTzh6dEZ3dHJyeUdQczJNYStVZ1hRYnJ6ME1zR0NnRDRmNHpHY1Z2UkduVG8zQ3dDY0VHQk1LQUE4RkFsaFgNCjFBa0ZDUThKbkFBQ0d5NEFhZ2tRazBEejB2WWJnNnRmSUFRWkV3b0FCZ1VDV0ZmVUNRQUtDUkNQWlkyekw5R3oNCklUOFlBUUNQU0dreEdRNEpDcEhXc0dNVndXQVdYSkdaZjJyYnhseDh6ckMrOSs0T0R3RUEvZ3ZpT1orcXFhN0oNCitHZC9xanpsSGxjMzFZeEY1bmxrQW9YRGM1Vk5Zbk0zamdGL2FCclpGTkkzNmlvMHdYODVjdUtPU2hsRFk0TzUNCmhEWHdpNkMzVXQvZUVTQXJJQXF5QnpmTmx3cG83Y3lyQXhTTUFZRGVGcklMTElwM0VnbHF1N0NaNHlFbnVIZXYNCnFObGRrd3kvRHVMSStIM0hoQ2hqSzNwR3FnS3hkL2JQMTVGYVN4WT0NCj05NWE3DQotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tDQo="
}

output "user_secret" {
value = "${aws_iam_access_key.ecr_user.encrypted_secret}"
}
`

Unfortunately when I use this I get the following error.
Error applying plan:
1 error(s) occurred:

• aws_iam_access_key.ecr_user: Error encrypting IAM Access Key Secret: Error parsing given PGP key: openpgp: invalid data: tag byte does not have MSB set

I made a key like this:

root@runner:~# gpg --gen-key
gpg (GnuPG) 1.4.16; Copyright (C) 2013 Free Software Foundation
, Inc.
This is free software: you are free to change and redistribute
it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0) 1y
Key expires at Tue 19 Dec 2017 11:48:23 AM UTC
Is this correct? (y/N) y

You need a user ID to identify your key; the software construct
s the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) heinrichh@duesseldorf.de"

Real name: Randy Coburn
Email address: randy.[email protected]
Comment: Test Key
You selected this USER-ID:
"Randy Coburn (Test Key) randy.coburn@email.com"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

gpg: gpg-agent is not available in this session
We need to generate a lot of random bytes. It is a good idea to
perform
some other action (type on the keyboard, move the mouse, utiliz
e the
disks) during the prime generation; this gives the random numbe
r
generator a better chance to gain enough entropy.

Not enough random bytes available. Please do some other work t
o give
the OS a chance to collect more entropy! (Need 288 more bytes)
......+++++
.............................................+++++
We need to generate a lot of random bytes. It is a good idea to
perform
some other action (type on the keyboard, move the mouse, utiliz
e the
disks) during the prime generation; this gives the random numbe
r
generator a better chance to gain enough entropy.
....................+++++
...................+++++
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key DB74EF86 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust mode
l
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m,
0f, 1u
gpg: next trustdb check due at 2017-12-19
pub 4096R/DB74EF86 2016-12-19 [expires: 2017-12-19]
Key fingerprint = FA8F 2A3D 9D1C 1AD6 1082 3C0B 1503 914
7 DB74 EF86
uid Randy Coburn (Test Key) randy.coburn@email.com
sub 4096R/822FDB0A 2016-12-19 [expires: 2017-12-19]

Then exported it like this:
gpg --export -a "Randy Coburn" | base64