Terraform 11 init command fails

We have a Terraform 11 configuration. When I try to run the init command with “terraform init”, I am seeing the below error:

“Error installing provider “external”: openpgp: signature made by unknown entity.”

We have some “external” sections inside the “data” section in the Terraform configuration to get some values by running shell scripts. I assume the error is related to the provider for that.

We have been using the same configuration for a long time. This is the first time I am seeing this error. What could be the problem ?

Could this be a problem in the plugin web site itself?

From the Terraform 11 help, there is a -verify-plugins=false option for terraform init. When I used that option with terraform init, the command succeeded. However -verify-plugins=false looks like a dangerous one to me.

Any advice? We are urgently looking for a solution since customers might be affected by this error.


Hi @gihari,

I assume you mean Terraform v0.11, in which case I think what you’re seeing here is the result of HashiCorp switching to a new signing key for the official providers back in April. The version of Terraform v0.11 you are using there might not be aware of the new key.

If that’s true then the two main options to proceed would be the following:

  • Make sure you’re using the latest Terraform CLI v0.11 minor release, which is v0.11.15 at the time I’m writing this. We backported knowlege of the new key to a new release in the v0.11 line and recommend this as the primary way to be compatible with newer provider releases.
  • If you can’t upgrade Terraform CLI, the alternative would be to downgrade to an older version of this provider which was signed with the old key. I believe the newest version of this provider using the old key is provider version v2.1.0, and so you could add a version constraint version = "<= 2.1.0" to your configuration for that provider to prevent terraform init from trying to upgrade to a newer version. This option is a less recommended alternative because you’ll be depending on a stale signing key, but it is reasonable to do this if for some reason you cannot upgrade to Terraform CLI v0.11.15.

From looking at the releases in the provider repository it seems that there was a new release of this provider just yesterday, and so if this is the first time you’ve seen this error and nothing changed in your system then it seems likely that this error started because you don’t have a version constraint for this provider and so terraform init tried to select the latest available version, which is no longer compatible with your Terraform version as of yesterday.

Thank you very much for the suggestions. Let me try it out.