diff --git a/.gitignore b/.gitignore
index a8419f8d..ca9ff333 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@ bin
 *env
 vendor/*
 
+__debug*
diff --git a/go.mod b/go.mod
index 664bcc82..c4437b8e 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.21
 toolchain go1.21.0
 
 require (
-	github.com/Telmate/proxmox-api-go v0.0.0-20241228220045-c829269b575d
+	github.com/Telmate/proxmox-api-go v0.0.0-20250128070459-69a4086d74f2
 	github.com/google/uuid v1.6.0
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0
@@ -17,8 +17,8 @@ require (
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/tools v0.20.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
@@ -61,11 +61,11 @@ require (
 	github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	github.com/zclconf/go-cty v1.14.4 // indirect
-	golang.org/x/crypto v0.23.0 // indirect
+	golang.org/x/crypto v0.32.0 // indirect
 	golang.org/x/mod v0.17.0 // indirect
-	golang.org/x/net v0.24.0 // indirect
-	golang.org/x/sys v0.20.0 // indirect
-	golang.org/x/text v0.15.0 // indirect
+	golang.org/x/net v0.25.0 // indirect
+	golang.org/x/sys v0.29.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be // indirect
 	google.golang.org/grpc v1.63.2 // indirect
diff --git a/go.sum b/go.sum
index 1656fc2e..b18ddd2a 100644
--- a/go.sum
+++ b/go.sum
@@ -4,8 +4,8 @@ github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migc
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
 github.com/ProtonMail/go-crypto v1.1.0-alpha.2-proton h1:HKz85FwoXx86kVtTvFke7rgHvq/HoloSUvW5semjFWs=
 github.com/ProtonMail/go-crypto v1.1.0-alpha.2-proton/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
-github.com/Telmate/proxmox-api-go v0.0.0-20241228220045-c829269b575d h1:iFAi3XR4GFHo4jiD8qH0wbbYU7/KFLk5J9dLi4+L6ac=
-github.com/Telmate/proxmox-api-go v0.0.0-20241228220045-c829269b575d/go.mod h1:Gu6n6vEn1hlyFUkjrvU+X1fdgaSXLoM9HKYYJqy1fsY=
+github.com/Telmate/proxmox-api-go v0.0.0-20250128070459-69a4086d74f2 h1:W8BfBEgepG1s0V6EofwnipvpDBxKNdjKglHR+t2WNJI=
+github.com/Telmate/proxmox-api-go v0.0.0-20250128070459-69a4086d74f2/go.mod h1:6qNnkqdMB+22ytC/5qGAIIqtdK9egN1b/Sqs9tB/i1Y=
 github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
 github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
 github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec=
@@ -158,8 +158,8 @@ github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b h1:FosyBZYxY3
 github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
-golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
+golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
@@ -167,13 +167,13 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
-golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
+golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -187,24 +187,24 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
-golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
+golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw=
-golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
+golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
+golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
-golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY=
-golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
diff --git a/proxmox/Internal/pve/guest/sshkeys/sshkeys.go b/proxmox/Internal/pve/guest/sshkeys/sshkeys.go
deleted file mode 100644
index 5ee08df7..00000000
--- a/proxmox/Internal/pve/guest/sshkeys/sshkeys.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package sshkeys
-
-import (
-	"crypto"
-	"regexp"
-	"strings"
-)
-
-var regexMultipleSpaces = regexp.MustCompile(`\s+`)
-
-func Split(rawKeys string) *[]crypto.PublicKey {
-	tmpKeys := strings.Split(rawKeys, "\n")
-	keys := make([]crypto.PublicKey, len(tmpKeys))
-	for i, e := range tmpKeys {
-		keys[i] = crypto.PublicKey(e)
-	}
-	return &keys
-}
-
-func String(keys *[]crypto.PublicKey) string {
-	if keys != nil {
-		var rawKeys string
-		for _, key := range *keys {
-			rawKeys += "\n" + key.(string)
-		}
-		if rawKeys != "" {
-			return rawKeys[1:]
-		}
-	}
-	return ""
-}
-
-func Trim(rawKeys string) string {
-	return regexMultipleSpaces.ReplaceAllString(strings.TrimSpace(rawKeys), " ")
-}
diff --git a/proxmox/Internal/resource/guest/qemu/usb/schema.go b/proxmox/Internal/resource/guest/qemu/usb/schema.go
index 7c6dc7ad..e7fc2008 100644
--- a/proxmox/Internal/resource/guest/qemu/usb/schema.go
+++ b/proxmox/Internal/resource/guest/qemu/usb/schema.go
@@ -51,7 +51,9 @@ func SchemaUSB() *schema.Schema {
 							return diag.Errorf(validator.ErrorUint, k)
 						}
 						if err := pveAPI.QemuUsbID(v).Validate(); err != nil {
-							return diag.Errorf(err.Error())
+							return diag.Diagnostics{{
+								Severity: diag.Error,
+								Summary:  err.Error()}}
 						}
 						return nil
 					},
@@ -145,7 +147,9 @@ func subSchemaDeviceID(s schema.Schema) *schema.Schema {
 			return diag.Errorf(validator.ErrorString, k)
 		}
 		if err := pveAPI.UsbDeviceID(v).Validate(); err != nil {
-			return diag.Errorf(err.Error())
+			return diag.Diagnostics{{
+				Severity: diag.Error,
+				Summary:  err.Error()}}
 		}
 		return nil
 	}
@@ -160,7 +164,9 @@ func subSchemaMappingID(s schema.Schema) *schema.Schema {
 			return diag.Errorf(validator.ErrorString, k)
 		}
 		if err := pveAPI.ResourceMappingUsbID(v).Validate(); err != nil {
-			return diag.Errorf(err.Error())
+			return diag.Diagnostics{{
+				Severity: diag.Error,
+				Summary:  err.Error()}}
 		}
 		return nil
 	}
@@ -175,7 +181,9 @@ func subSchemaPortID(s schema.Schema) *schema.Schema {
 			return diag.Errorf(validator.ErrorString, k)
 		}
 		if err := pveAPI.UsbPortID(v).Validate(); err != nil {
-			return diag.Errorf(err.Error())
+			return diag.Diagnostics{{
+				Severity: diag.Error,
+				Summary:  err.Error()}}
 		}
 		return nil
 	}
diff --git a/proxmox/Internal/resource/guest/sshkeys/schema.go b/proxmox/Internal/resource/guest/sshkeys/schema.go
new file mode 100644
index 00000000..c1077064
--- /dev/null
+++ b/proxmox/Internal/resource/guest/sshkeys/schema.go
@@ -0,0 +1,49 @@
+package sshkeys
+
+import (
+	"regexp"
+	"strings"
+
+	pveAPI "github.com/Telmate/proxmox-api-go/proxmox"
+	"github.com/hashicorp/go-cty/cty"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+const (
+	Root string = "sshkeys"
+)
+
+func Schema() *schema.Schema {
+	return &schema.Schema{
+		Type:     schema.TypeString,
+		Optional: true,
+		DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
+			return trim(old) == trim(new)
+		},
+		ValidateDiagFunc: func(i interface{}, p cty.Path) diag.Diagnostics {
+			v, ok := i.(string)
+			if !ok {
+				return diag.Errorf(Root + " must be a string")
+			}
+			if v == "" {
+				return nil
+			}
+			rawKeys := strings.Split(v, "\n")
+			for i := range rawKeys {
+				err := (&pveAPI.AuthorizedKey{}).Parse([]byte(rawKeys[i]))
+				if err != nil {
+					return diag.Diagnostics{{
+						Severity: diag.Error,
+						Summary:  err.Error()}}
+				}
+			}
+			return nil
+		}}
+}
+
+var regexMultipleSpaces = regexp.MustCompile(`\s+`)
+
+func trim(rawKeys string) string {
+	return regexMultipleSpaces.ReplaceAllString(strings.TrimSpace(rawKeys), " ")
+}
diff --git a/proxmox/Internal/resource/guest/sshkeys/sdk.go b/proxmox/Internal/resource/guest/sshkeys/sdk.go
new file mode 100644
index 00000000..6d66266e
--- /dev/null
+++ b/proxmox/Internal/resource/guest/sshkeys/sdk.go
@@ -0,0 +1,20 @@
+package sshkeys
+
+import (
+	"strings"
+
+	pveAPI "github.com/Telmate/proxmox-api-go/proxmox"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func SDK(d *schema.ResourceData) *[]pveAPI.AuthorizedKey {
+	v := d.Get(Root)
+	rawKeys := strings.Split(v.(string), "\n")
+	keys := make([]pveAPI.AuthorizedKey, len(rawKeys))
+	for i := range rawKeys {
+		tmpKey := &pveAPI.AuthorizedKey{}
+		_ = tmpKey.Parse([]byte(rawKeys[i]))
+		keys[i] = *tmpKey
+	}
+	return &keys
+}
diff --git a/proxmox/Internal/resource/guest/sshkeys/terraform.go b/proxmox/Internal/resource/guest/sshkeys/terraform.go
new file mode 100644
index 00000000..eb2b9538
--- /dev/null
+++ b/proxmox/Internal/resource/guest/sshkeys/terraform.go
@@ -0,0 +1,16 @@
+package sshkeys
+
+import (
+	"strings"
+
+	pveAPI "github.com/Telmate/proxmox-api-go/proxmox"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func Terraform(config []pveAPI.AuthorizedKey, d *schema.ResourceData) {
+	keys := make([]string, len(config))
+	for i := range config {
+		keys[i] = config[i].String() + "\n"
+	}
+	d.Set(Root, strings.Join(keys, ""))
+}
diff --git a/proxmox/resource_vm_qemu.go b/proxmox/resource_vm_qemu.go
index 7781e2c3..8b0ae28f 100755
--- a/proxmox/resource_vm_qemu.go
+++ b/proxmox/resource_vm_qemu.go
@@ -26,7 +26,6 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 
 	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/pve/dns/nameservers"
-	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/pve/guest/sshkeys"
 	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/pve/guest/tags"
 	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/resource/guest/node"
 	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/resource/guest/qemu/cpu"
@@ -35,6 +34,7 @@ import (
 	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/resource/guest/qemu/pci"
 	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/resource/guest/qemu/serial"
 	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/resource/guest/qemu/usb"
+	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/resource/guest/sshkeys"
 	vmID "github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/resource/guest/vmid"
 	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/util"
 )
@@ -505,13 +505,7 @@ func resourceVmQemu() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
-			"sshkeys": {
-				Type:     schema.TypeString,
-				Optional: true,
-				DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
-					return sshkeys.Trim(old) == sshkeys.Trim(new)
-				},
-			},
+			sshkeys.Root: sshkeys.Schema(),
 			"ipconfig0": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -1713,7 +1707,9 @@ func mapToTerraform_CloudInit(config *pveSDK.CloudInit, d *schema.ResourceData)
 			d.Set("ipconfig"+strconv.Itoa(int(i)), mapToTerraform_CloudInitNetworkConfig(v))
 		}
 	}
-	d.Set("sshkeys", sshkeys.String(config.PublicSSHkeys))
+	if config.PublicSSHkeys != nil {
+		sshkeys.Terraform(*config.PublicSSHkeys, d)
+	}
 	if config.UpgradePackages != nil {
 		d.Set("ciupgrade", *config.UpgradePackages)
 	}
@@ -1779,7 +1775,7 @@ func mapToSDK_CloudInit(d *schema.ResourceData) *pveSDK.CloudInit {
 			NameServers:  nameservers.Split(d.Get("nameserver").(string)),
 		},
 		NetworkInterfaces: pveSDK.CloudInitNetworkInterfaces{},
-		PublicSSHkeys:     sshkeys.Split(d.Get("sshkeys").(string)),
+		PublicSSHkeys:     sshkeys.SDK(d),
 		UpgradePackages:   util.Pointer(d.Get("ciupgrade").(bool)),
 		UserPassword:      util.Pointer(d.Get("cipassword").(string)),
 		Username:          util.Pointer(d.Get("ciuser").(string)),