The OpenTofu Registry supports blacklisting specific versions of providers and modules to prevent them from being added during automated version updates.
The blacklist is configured in the versions_blacklist.json file at the repository root.
{
"providers": [
{
"namespace": "hashicorp",
"name": "aws",
"version": "6.1.0",
"reason": "Critical bug - see https://github.com/hashicorp/terraform-provider-aws/issues/43213"
}
],
"modules": [
{
"namespace": "terraform-aws-modules",
"name": "vpc",
"target_system": "aws",
"version": "5.0.0",
"reason": "Breaking changes not compatible with our infrastructure"
}
]
}- During the automated version bump process (runs every 15 minutes), the system checks each new version against the blacklist
- If a version is found in the blacklist, it will be skipped and a warning will be logged
- The blacklisted version will never be added to the registry, even if it exists in the upstream repository
- Edit
versions_blacklist.json - Add an entry to either the
providersormodulesarray - Commit and push the changes
- The blacklist takes effect immediately on the next version bump run
- Remove the entry from
versions_blacklist.json - Commit and push the changes
- The version will be eligible for addition on the next version bump run
- The blacklist only prevents NEW versions from being added
- If a blacklisted version already exists in the registry, it won't be automatically removed
- To remove an existing version, you should:
- Manually edit the provider/module JSON file to remove the version
- Add the version to
versions_blacklist.jsonto prevent re-addition - Submit both changes in the same PR
- The version string must match exactly (e.g., "6.1.0" not "v6.1.0")