Skip to content

OpenTofu registry is missing GPG keys for this provider #446

New issue
New issue
Closed
Closed
OpenTofu registry is missing GPG keys for this provider#446
Assignees
cyrilgdn
@pascal-hofmann

Description

@pascal-hofmann
pascal-hofmann
opened on Jun 10, 2024

First of all thank you for all the work you put into this provider!

I noticed the public GPG key of this provider is missing in the OpenTofu module registry.

Note: For security reasons, it has to be submitted by the provider author for the OpenTofu registry to accept it.

You can follow this link to submit it: Submit new Provider Signing Key

If you don't have access to the public key anymore, it can be extracted from the terraform registry:

curl 'https://registry.terraform.io/v1/providers/cyrilgdn/postgresql/1.22.0/download/linux/amd64' | jq --raw-output '.signing_keys | .gpg_public_keys | .[0] | .ascii_armor'

I attached the key for reference:
postgresql_registry_key.pub.txt

Background

  • OpenTofu is a fork of Terraform that is open-source, community-driven, and managed by the Linux Foundation.
  • Hashicorp silently changed the Terms of Service for the terraform provider registry to disallow usage with things other than terraform, so OpenTofu had to build its own registry.

Terraform OpenTofu Version

$ tofu --version
OpenTofu v1.7.1
on darwin_amd64

Expected Behavior

Provider is downloaded and verified.

Actual Behavior

Signature validation was skipped:

- Installed cyrilgdn/postgresql v1.22.0. Signature validation was skipped due to the registry not containing GPG keys for this provider

Steps to Reproduce

Metadata

Metadata

Assignees

Labels

No labels
No labels

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions