Error installing provider "aws": openpgp: signature made by unknown entity

Question

I am using terraform version 0.11.13, and this afternoon I am getting the following error in terraform init step Does it mean I've to upgrade the terraform version, is there a deprecation for this version for aws provider?

Full logs:

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.

[1mInitializing provider plugins...
- Checking for available provider plugins on https://releases.hashicorp.com...

Error installing provider "aws": openpgp: signature made by unknown entity.

Terraform analyses the configuration and state and automatically downloads
plugins for the providers used. However, when attempting to download this
plugin an unexpected error occured.

This may be caused if for some reason Terraform is unable to reach the
plugin repository. The repository may be unreachable if access is blocked
by a firewall.

If automatic installation is not possible or desirable in your environment,
you may alternatively manually install plugins by downloading a suitable
distribution package and placing the plugin's executable file in the
following directory:
    terraform.d/plugins/linux_amd64

Answer 1

Important - While this answer can solve the immediate problem, it creates a potential security risk by disabling the security check. Use with caution

you can also do

terraform init -verify-plugins=false

This worked for me.

Answer 2

The GPG key used for release signing and verification has been rotated. New releases of Terraform use this updated key for verifying official providers, and official provider releases will be signed with this key going forwards.

More about

Answer 3

Fixing the provider version solved the problem.

Answer 4

HashiCorp has rotated its release signing key as a part of HCSEC-2021-12

For example, for terraform 0.11.x, you can set the aws version to v2.70.0

provider "aws" {
  region  = "us-east-1"
  version = "v2.70.0"
}

For other versions, you can check: https://registry.terraform.io/providers/hashicorp/aws/latest/docs

Answer 5

Hashicorp have re-signed with a new GPG key as part of a internal security ticket

To get around this, look to shift to the new version of Terraform - this is fixed in 0.11.15 and you should upgrade to this version. This should not impact anything else, as there are only minor changes.