»Upgrading to Terraform v1.2
Do you need the upgrade guide for an earlier version of Terraform? Use the version selector in the navigation bar to select the version you are intending to upgrade to.
Terraform v1.2 is a minor release in the stable Terraform v1.0 series.
Terraform v1.2 continues to honor the Terraform v1.0 Compatibility Promises, but there are some behavior changes outside of those promises that may affect a small number of users. Specifically, the following updates may require additional upgrade steps:
- terraform-credentials-env functionality is built into the Terraform CLI
- Terraform requires Linux kernel 2.6.32 or later
- Remote servers must support TLSv1.2
- Outdated TLS features are no longer supported
We recommend disabling the third-party credentials helper plugin terraform-credentials-env when you upgrade to Terraform v1.2. Terraform now contains similar built-in functionality.
The new v1.2 functionality supports the same environment variable naming scheme as the credentials helper, but has a difference in priority order. Specifically,
TF_TOKEN_... environment variables now take priority over both credentials blocks in CLI configuration and credentials stored automatically when you run
terraform login. After upgrading, ensure you do not specify credentials for the same host in multiple locations.
We also recommend upgrading the hashicorp/tfe provider to version 0.31 if you currently use it with the credentials helper to manage Terraform Cloud or Terraform Enterprise objects. Version 0.31 contains built-in support for the built-in
TF_TOKEN_... environment variables.
The Terraform runtime no longer supports Linux kernels prior to 2.6.32, and official releases of Terraform v1.2 for Linux require distributions using kernel 2.6.32 or later. The CLI behavior on earlier kernel versions is undefined.
Terraform no longer supports the following features when making outgoing HTTPS or other TLS connections as a client:
- TLS v1.0 and v1.1. Terraform now requires the server to support TLS v1.2. All up-to-date servers should support TLS 1.2, and mainstream web browsers have required it since 2020.
- CA certificates signed using the SHA-1 hash function. Publicly-trusted Certificate Authorities have not issued SHA-1 certificates since 2015.
This change only affects requests from Terraform, including provider installation, module installation, and interactions with your configured backend. Provider plugins are separate programs that have their own rules about which TLS versions are supported.