28 lines
1.4 KiB
Plaintext
28 lines
1.4 KiB
Plaintext
---
|
|
page_title: Plugin Signing
|
|
description: >-
|
|
Learn about the types of signatures providers can have on the Terraform
|
|
Registry.
|
|
---
|
|
|
|
<!-- THIS PAGED IS LINKED TO IN THE CLI -->
|
|
|
|
# Plugin Signing
|
|
|
|
~> **Note** Currently only provider plugins fetched from a registry are authenticated.
|
|
|
|
Terraform providers installed from the Registry are cryptographically signed, and the signature is verified at time of installation. There are three types of provider signatures, each with different trust implications:
|
|
|
|
* **Signed by HashiCorp** - are built, signed, and supported by HashiCorp.
|
|
* **Signed by Trusted Partners** - are built, signed, and supported by a third party. HashiCorp has
|
|
verified the ownership of the private key and we provide a chain of trust to the CLI to verify this
|
|
programatically.
|
|
* **Self-signed** - are built, signed, and supported by a third party. HashiCorp does not provide a
|
|
verification or chain of trust for the signature. You may obtain and validate fingerprints manually
|
|
if you want to ensure you are using a binary you can trust.
|
|
|
|
Terraform does **NOT** support fetching and using unsigned binaries, but you can manually install
|
|
unsigned binaries. You should take extreme care when doing so as no programatic authentication is performed.
|
|
|
|
Usage of plugins from the registry is subject to the Registry's [Terms of Use](https://registry.terraform.io/terms).
|