Announcing HashiCorp Terraform 0.14 General Availability
Terraform 0.14 features a new concise diff renderer, provider dependency lockfile, and more.
We’re excited to announce the release of HashiCorp Terraform 0.14 into General Availability. It is immediately available for download as well as for use in Terraform Cloud.
Terraform 0.14 is all about workflow. We know that practitioners love the Terraform workflow. Our job is to continue to improve it. Terraform 0.14 takes steps to help every practitioner be better able to make critical decisions about their infrastructure with the addition of a concise diff, sensitive input variables, and a provider dependency lockfile. These improvements are designed to help better control Terraform’s behavior in both interactive use and when used in automation. This release is one of the final stepping stones to a 1.0 release of Terraform.
» Terraform 0.14 Highlights
» Concise Diff
Terraform 0.14 includes a new experimental, on-by-default, concise diff renderer. This small but significant new behavior is designed to help practitioners quickly understand what changes Terraform is about to make to existing infrastructure.
The diff renderer used by terraform plan
, terraform apply
, and terraform show <planfile>
has been updated to hide unchanged and irrelevant fields. If any attributes, collection elements, or blocks are hidden, a count will be kept and displayed at the end of the parent scope. This ensures that the diff is clearly only displaying a subset of the resource.
# test_resource.foo will be updated in-place
~ resource "test_resource" "foo" {
id = "foo_123"
~ checksum = 28987129 -> (known after apply)
- mode = "test" -> null
name = "Foo Test"
tags = []
~ totals = {
- "bar" = 5 -> null
+ "baz" = 5
# (2 unchanged elements hidden)
}
~ values = [
- "alpha",
- "gamma",
+ "alpaca",
+ "goblin",
+ "zephyr",
# (23 unchanged elements hidden)
]
# (5 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
Check out the recent blog post covering the details of the updated diff rendered in Terraform 0.14.
» Sensitive Input Variables and Extended Provider Schema Sensitivity
Terraform 0.14 adds the ability to thread the notion of a “sensitive value” throughout Terraform. In this first release along the lines of these new capabilities, we’ve focused on input variables & module outputs first, with an additional opt-in experiment for values which provider schemas mark as sensitive.
Defining an input variable value as “sensitive” will result in Terraform redacting that value from CLI output. The same is true for module outputs. Module outputs with the sensitive=true attribute set will also see their values redacted throughout a Terraform plan.
You can define a variable as sensitive by setting the sensitive argument to true:
variable "user_information" {
type = object({
name = string
address = string
})
sensitive = true
}
resource "some_resource""a" {
name = var.user_information.name
address = var.user_information.address
}
Using this variable throughout your configuration will obfuscate the value from display in plan or apply output. In some cases where a sensitive variable is used in a nested block, the whole block can be redacted. This happens with resources that can have multiple blocks of the same type, where the values must be unique.
There are additional changes available for using and manipulating sensitive values. Please see the recent blog post, try a hands-on tutorial, or review our documentation on input variables and sensitive attributes for details.
It is important to highlight that the primary use case for these new features is to help practitioners prevent unintended exposure of specific values into systems that may consume Terraform’s console output, e.g. logging or version control.
» Provider Dependency Lockfile
Terraform 0.14’s new dependency lock file, focused on providers, simplifies managing Terraform automation. Starting in Terraform 0.13, the possibility of installing providers from customer-controlled or third-party remote registries increases the need to be able to replicate Terraform runs in automation. These remote and automated Terraform workflows need to be able to duplicate previous runs exactly.
The dependency lock file launching with Terraform 0.14 is generated automatically when Terraform init
is run. The generated lockfile should be committed into version control systems so that Terraform can guarantee to select exactly the same provider versions on future runs.
Upgrading to a new provider (or collection of providers) can be completed via terraform init -upgrade
.
For more information on the dependency lockfile, check out the recent blog post, try a hands-on tutorial, or review our documentation.
» There’s More
- Terraform 0.14 also adds official support for Linux ARM64 builds. We’ve gone further and added Linux ARM64 support in the latest 0.13.x releases.
- We’ve included a community contribution which adds two new validation conditions for practitioners using variable validation:
any
&all
. See the documentation for more info. - Forward compatibility for state files. Terraform will now support reading and writing all compatible state files, even from future versions of Terraform. This means that users of Terraform 0.14.0 will be able to share state files with future Terraform versions until a new state file format version is needed.
» Getting Started
We have many resources available for 0.14 for new and existing users. To learn more about the new functionality of 0.14 you can:
- Review the documentation
- Try our HashiCorp Learn tutorials which have been updated for Terraform 0.14
- Lock and Upgrade Provider Versions
- Protect Sensitive Input Variables
To get started using 0.14:
- Download the Terraform 0.14 release.
- If you are upgrading from a previous release, read the upgrade guide to learn how to adopt Terraform’s new features.
For more details, please see the full changelog. This release also includes a number of code contributions from the community and wouldn't have been possible without all of the great community feedback we've received via GitHub issues and elsewhere. Thank you!
HashiCorp Terraform 0.14 is the next step on our way to solidifying the Terraform ecosystem and empowering collaborative workflows at organizations of all sizes. You can download Terraform 0.14 here and sign up for a Terraform Cloud account here.
Sign up for the latest HashiCorp news
More blog posts like this one
Fix the developers vs. security conflict by shifting further left
Resolve the friction between dev and security teams with platform-led workflows that make cloud security seamless and scalable.
HashiCorp at AWS re:Invent: Your blueprint to cloud success
If you’re attending AWS re:Invent in Las Vegas, Dec. 2 - Dec. 6th, visit us for breakout sessions, expert talks, and product demos to learn how to take a unified approach to Infrastructure and Security Lifecycle Management.
Speed up app delivery with automated cancellation of plan-only Terraform runs
Automatic cancellation of plan-only runs allows customers to easily cancel any unfinished runs for outdated commits to speed up application delivery.