Problem
Users of Terraform CLI versions older than v0.11.15 may encounter an error when initializing a configuration that uses recent provider versions. When running terraform init, the process fails with the following error message:
Error installing provider "external": openpgp: signature made by unknown entity
Cause
The OpenPGP signature key used to sign official Terraform providers was updated. Terraform CLI versions older than v0.11.15 do not recognize this new signature key.
When terraform init attempts to download the latest version of a provider, it cannot validate the new signature with its outdated list of trusted keys, resulting in an error.
Solutions
Solution 1: Downgrade the Provider Version
Because Terraform CLI v0.11 is end-of-life (EOL), it cannot be updated to recognize the new provider signatures. The only workaround is to constrain the provider version in your configuration to an older version that was signed with the previous key.
To do this, add a version constraint to the provider block in your Terraform configuration. For example, to downgrade the external provider, modify your configuration as follows.
provider "external" {
version = "< 2.1.0"
}After adding the version constraint, run terraform init again.
Additional Information
This solution provides a temporary workaround for legacy configurations that are failing. HashiCorp strongly recommends upgrading your Terraform CLI and provider versions to a supported release.
Using end-of-life Terraform versions and outdated providers may expose your configuration to security vulnerabilities and lead to unexpected behavior during planning and applying.