Installing TF 0.12.31 - No keybase install found

I need to upgrade our codebase from the current 0.12.29 to 1.x

As part of that process I need to upgrade to the latest version of 0.12

I used tfenv to install the latest version of 0.12 using tfenv install latest:^0.12 which installs 0.12.31 but it comes up with a warning.

Downloading SHA hash file from https://releases.hashicorp.com/terraform/0.12.31/terraform_0.12.31_SHA256SUMS
No keybase install found, skipping OpenPGP signature verification

I’m not sure what, if anything, I need to do about the “No keybase installed” message and I don’t know if it’s a tfenv issue or a Terraform issue.

Can anyone advise please?

Hi @Chris-Leeworthy1,

This seems to be an error from tfenv rather than from Terraform itself. tfenv is not a HashiCorp product and so I’m not familiar with the details of how it works, but in the tfenv README I see it says something about keybase:

If shasum is present in the path, tfenv will verify the download against Hashicorp’s published sha256 hash. If keybase is available in the path it will also verify the signature for those published hashes using Hashicorp’s published public key.

You can opt-in to using GnuPG tools for PGP signature verification if keybase is not available:

$ echo 'trust-tfenv: yes' > ~/.tfenv/use-gpgv
$ tfenv install

The trust-tfenv directive means that verification uses a copy of the Hashicorp OpenPGP key found in the tfenv repository. Skipping that directive means that the Hashicorp key must be in the existing default trusted keys. Use the file ~/.tfenv/use-gnupg to instead invoke the full gpg tool and see web-of-trust status; beware that a lack of trust path will not cause a validation failure.

The details here are a bit outside my scope so I can’t make any specific recommendation here, but what I understand from the above is that by default tfenv uses the tool keybase as a way to obtain the HashiCorp signing key in order to verify the package signatures, and so if you don’t have it you need to configure some other way for tfenv to get those signatures.
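
The two checks the README excerpt describes, written out by hand as an added example (not code from tfenv, HashiCorp, or either poster): the checksum detects a corrupted or altered zip, while the signature is what shows the SHA256SUMS file itself came from the key holder. Assumptions: a `terraform_<version>_SHA256SUMS.sig` file sits next to the SHA256SUMS file, the keyring holds a HashiCorp public key you obtained yourself, and the function names, keyring path and sample files are hypothetical or constructed.

```bash
#!/usr/bin/env bash
# Added example. Function names, paths and sample files are hypothetical.

# Check 1: the signature ties SHA256SUMS to the holder of the signing key.
# This is the step the tfenv warning says was skipped.
# usage: verify_signature <dir> <version> <absolute path to keyring file>
verify_signature() {
  local sums="$1/terraform_${2}_SHA256SUMS"
  if [ ! -f "$sums" ] || [ ! -f "$sums.sig" ]; then
    echo "missing SHA256SUMS or SHA256SUMS.sig in $1" >&2
    return 2
  fi
  # gpgv trusts exactly the keys in the given keyring, nothing else.
  gpgv --keyring "$3" "$sums.sig" "$sums"
}

# Check 2: the zip matches its line in SHA256SUMS ("<hex digest>  <name>").
# usage: verify_checksum <dir> <version> <zip file name>
verify_checksum() {
  local line
  line=$(cd "$1" && awk -v f="$3" '$2 == f' "terraform_${2}_SHA256SUMS")
  if [ -z "$line" ]; then
    echo "no SHA256SUMS entry for $3" >&2
    return 2
  fi
  (cd "$1" && printf '%s\n' "$line" | sha256sum -c --quiet -)
}

# Demo on constructed files (a stand-in zip, not a real release).
demo() {
  local d z=terraform_0.12.31_linux_amd64.zip
  d=$(mktemp -d)
  printf 'constructed stand-in for the release zip\n' > "$d/$z"
  (cd "$d" && sha256sum "$z" > terraform_0.12.31_SHA256SUMS)
  verify_checksum "$d" 0.12.31 "$z" && echo "checksum: OK"
  echo "tampered" >> "$d/$z"
  verify_checksum "$d" 0.12.31 "$z" 2>/dev/null || echo "checksum: mismatch caught"
  # No .sig was placed here, so the origin of SHA256SUMS stays unproven.
  verify_signature "$d" 0.12.31 /path/to/keyring.gpg || echo "signature: not verified"
  rm -rf "$d"
}
demo
```

Against a real download, run `verify_signature` first and only then `verify_checksum`, so the digest being compared comes from a file whose origin has been checked.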