Terraform Enterprise v202306-1 (713)

Last required release: v202207-2 (642)

Known Issues

  1. The RunExternalStatus data migration now runs in the foreground for visibility. However, if there are a large number of runs this migration can take a long time to complete.


In Terraform Enterprise v202308-1 the server services will be consolidated into a single container named terraform-enterprise. This container runs as a non-root user and contains the logs for all of the server services. Terraform runs will continue to execute in isolated, short-lived containers but will now run as a non-root user. This change is available now using the optional consolidated_services setting. See the consolidated services documentation for more information on this change.

The following Docker Engine versions are deprecated. Support for them will be removed in Terraform Enterprise v202308-1.

  • Docker Engine 19.03


  1. No-code provisioning is now available in Terraform Enterprise. No-code provisioning enables organizations to set up self-service workflows for application developers that need infrastructure but are not familiar with Terraform.
  2. Docker Engine 23.0 and 24.0 are now supported.


  1. You can now cancel a passed policy check to unblock runs that are stuck at the policy check step.
  2. Terraform Enterprise now uses Sentinel v0.22.0 for policy checks, adding support for the sentinel block.
  3. Prefixed the names of the ephemeral Docker containers that run Terraform plan and apply operations with “tfe-agent-”.
  4. The Run Tasks Integration API payload now includes the configuration_version_id and workspace_working_directory attributes.
  5. You can now access Sentinel policy check results through a new and streamlined user interface.
  6. Added a new Copy Configuration link to copy the full configuration details of a module from its overview page.
  7. The tfe-admin retrieve-iact command no longer contains trailing whitespace.

Bug Fixes

  1. Run tasks and policy sets no longer count discarded workspaces that have yet to be deleted.
  2. Long workspace notification names are now properly displayed on the notifications page.
  3. Long workspace run task names and descriptions are now properly displayed on the run tasks page.
  4. Workspaces using the GitHub App Integration can now renew expiring refresh tokens.
  5. Workspaces can no longer be assigned an agent pool that is not scoped to that workspace. Affected workspaces will revalidate their assigned agent pool on next save.
  6. APIs now return project scoped variable set information for all users with the proper permissions.


  1. Container updates address reported vulnerabilities (CVEs) in underlying packages and dependencies.