1

We are trying to leverage the Terraform Cloud private provider registry to consume custom providers within our org away from public view. However, after following all of the gpg upload steps, version creation, platform creation and upload for the checksums to successfully upload the artifacts we are getting an error at terraform init stage on our local machine.

○ → terraform init
 
Initializing the backend...
 
Initializing provider plugins...
- Finding app.terraform.io/my-organization/provider-name versions matching "1.2.3"...
- Installing app.terraform.io/my-organization/provider-name v1.2.3...
╷
│ Error: Failed to install provider
│
│ Error while installing app.terraform.io/my-organization/provider-name v1.2.3: authentication signature from unknown issuer
╵

Our uploaded binary exists for every operating system as well as the SHASUM256 and SHASUMS256.sig files, in the tf cloud console. They show as uploaded and ready for the provider to be consumed, and is not flagging for any missing files. We have verified that the checksum is signed appropriately with the corresponding sig on the machine where we created the signing keys.

With that our understanding must be that the issuer is not recognized to the terraform CLI, such as Trusted Partner would be listed? We were not looking to go the route of a partner, so we should fall under the self-signed provider as documented here: https://www.terraform.io/cli/plugins/signing

Any input or thoughts would be fantastic! Thanks!

1 Answers1

0

A bit late to the party with this one, but we had the same problem and it came down to the signature file being signed with a different gpg key than what was uploaded to the private registry. The biggest clue was when we ran gpg verification:

gpg --import <public_key_file_from_the_private_repo>
gpg --verify your_SHA256SUMS.sig your_SHA256SUMS

and got back gpg: Can't check signature: No public key.

terraform init succeeded once we re-signed with the correct key, deleted the existing provider platform and version, and re-created it all.

Aaron
  • 121
  • 1
  • 7