Publishing Public Providers in Airgapped Terraform Enterprise
Your Terraform Enterprise installation must be able to access the public Terraform Registry to build workspaces that rely on official public HashiCorp providers. However, this is a problem if your Terraform Enterprise installation is in an airgapped environment without internet access.
To solve this, you can download the public provider and re-upload it to your private registry. There are a few differences in the workflow for re-uploading a public HashiCorp provider. In this example, you will download the AWS provider and re-upload it to your private registry. You can use the same workflow for any official HashiCorp provider.
To re-upload a public HashiCorp provider to your private registry, follow these steps.
Download required files
Download the provider binary files for the provider, the SHASUMS file, and the SHA256SUMS.72D7468F.sig file. These files are available at https://releases.hashicorp.com. For this example, you can refer to the AWS provider files for more details. You will only re-upload the binaries for the linux_amd64 architecture, but you can use this same process to re-upload multiple builds of the same provider.
First, download the SHASUMS file. This file contains a SHA256 checksum for each build of this specific provider version.
Next, download the SHA256SUMS.72D7468F.sig file. This file is a GPG binary signature of the SHA256SUMS file.
Finally, download the linux_amd64 build of the provider binary.
Create the provider
Re-upload the provider by following the guide in Publishing a provider. Make two changes to that workflow:
- Do not sign the binary with your GPG key; HashiCorp's public PGP key has already signed it.
- Do not upload your public GPG key. Instead, use HashiCorp's public key, which Terraform Enterprise version v202309-1 and newer includes by default. The key ID is 34365D9472D7468F, and you can verify the ID by importing the public key locally.
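Because the files cross the airgap by hand, it is worth checking them on the download machine before re-uploading. The script below is an added example, not part of the original article or HashiCorp's tooling: it checks that the signature over the checksums file comes from the key ID given above and that the downloaded build matches its listed checksum. The function names are hypothetical, and it assumes gpg and sha256sum are installed and HashiCorp's public key is already imported into the local keyring.

```bash
#!/usr/bin/env bash
# Added example: pre-upload integrity checks for a downloaded provider build.
# File names are passed as arguments; use the files you actually downloaded.

# HashiCorp key ID as stated in the article.
HASHICORP_KEY_ID="34365D9472D7468F"

# verify_sums_signature SUMS_FILE SIG_FILE
# Succeeds only if SIG_FILE is a valid signature over SUMS_FILE and the
# signing key (or its primary key) ends in HASHICORP_KEY_ID.
# Assumption: that public key is already in the local GPG keyring.
verify_sums_signature() {
  local sums="$1" sig="$2" status
  status="$(gpg --status-fd 1 --verify "$sig" "$sums" 2>/dev/null)" || return 1
  # VALIDSIG carries full fingerprints; a key ID is the tail of a fingerprint.
  # Matching here pins the check to one key, not "any key in the keyring".
  printf '%s\n' "$status" |
    grep -Eq "^\[GNUPG:\] VALIDSIG .*${HASHICORP_KEY_ID}( |\$)"
}

# verify_build_checksum SUMS_FILE BUILD_FILE
# Succeeds only if BUILD_FILE's SHA-256 equals the digest listed for its
# file name in SUMS_FILE. A missing entry is a failure, not a skip.
verify_build_checksum() {
  local sums="$1" build="$2" name expected actual
  name="$(basename "$build")"
  # Each line of the sums file is "<hex digest>  <file name>".
  expected="$(awk -v f="$name" '$2 == f { print $1 }' "$sums")"
  [ -n "$expected" ] || return 1
  actual="$(sha256sum "$build" | awk '{ print $1 }')"
  [ "$expected" = "$actual" ]
}

# Usage, in this order (signature first, then checksum):
#   verify_sums_signature SUMS_FILE SIG_FILE &&
#     verify_build_checksum SUMS_FILE BUILD_ZIP &&
#     echo "OK to re-upload"
```

Check the signature before the checksum: a matching checksum proves nothing if the checksums file itself was replaced.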