Error checking signature: openpgp: key expired

[eric-viera]

What it says in the title happens when running terraform init, terraform tries to install version 1.21.0 and fails

[bceskavich]

I am seeing this as well on version 1.16.0.

[tacchino]

Saw this as well on latest Terraform release. Not a problem when I went back to 1.5.7

[beaugunderson]

also seeing this today on latest terraform; going to pin our hashicorp/setup-terraform@v2 workflow with this and report back:

  with:
    terraform_version: 1.5.7

[beaugunderson]

that worked 👍

[lleger]

that worked 👍

Worked for me too.

[PhuocNguyen-IT]

Worked for me too.

[NyanKiyoshi]

It appears that the issue is coming from the fact terraform 1.5.x wasn't checking whether or not the PGP public key is expired (the issue was probably fixed here: hashicorp/terraform@1fe57d4).

We can see the latest release of this provider has the PGP key expired by inspecting the key:

$ curl https://registry.terraform.io/v1/providers/cyrilgdn/postgresql/1.21.0/download/linux/amd64 | jq -r '.signing_keys.gpg_public_keys[0].ascii_armor' | gpg --show-keys -
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3320    0  3320    0     0  30404      0 --:--:-- --:--:-- --:--:-- 31619
pub   rsa3072 2020-11-26 [SC] [expired: 2022-11-26]
      E6C07CFC9E8660A23759D1F03918DD444A3876A6
uid                      Cyril Gaudin (Terraform providers) <[email protected]>
sub   rsa3072 2020-11-26 [E] [expired: 2022-11-26]

gpg: WARNING: No valid encryption subkey left over.

[bceskavich]

Pinning our Terraform version to <= 1.5.7 worked for me as well.

[mr-andres-carvajal]

Seeing this issue in 1.15

[tcraxs]

related to this hashicorp/terraform#33984

Workaround use terraform 1.5.7

Its a bug in TF not in this provider, issue can be closed.

[jrisch]

related to this hashicorp/terraform#33984

Workaround use terraform 1.5.7

Its a bug in TF not in this provider, issue can be closed.

I'm not sure I agree in the statement above. The key used to sign the releases of this provider is outdated and should be updated. So please do not close this issue.

[nikolay]

The providers need to be updated with valid keys. The MySQL provider also uses expired keys, and I won't be surprised if all others (such as RabbitMQ) suffer from the same security issue.

[AlexanderProd]

Experiencing this error in Terraform 1.6.0

[enricojonas]

Same here - key needs to be updated...

[nikolay]

It is sad that for nearly a week, no one can get hold of @cyrilgdn and make him fix a bunch of major providers. I feel light forking and signing the forked provider with valid keys, as I personally don't like having to downgrade.

I couldn't find an email or some contact of sorts for the maintainer to ping him.

[denisraison]

Version 1.6.1 is out and should have reverted back to ignoring the expired keys.
https://github.com/hashicorp/terraform/releases/tag/v1.6.1

I've just installed and tested and it's working again :)

I think it would still be a good idea to update the provider with a valid key tho.

[cyrilgdn]

We'll update the key on the next release.