Terraform Building Blocks Failing with "unable to verify checksums signature: openpgp: key expired"
complete
S
Stefan Tomm
Who is affected
Only customers using Terraform <= 1.5.5 (not OpenTofu) are affected. This is caused by an expired PGP signing key used to verify Terraform binary checksums during installation.
Root cause
This is a known upstream bug in HashiCorp's hc-install tool, which meshStack uses internally to download and verify Terraform binaries. The issue is present since 18.04.2026. The issue has been reported to HashiCorp:
Workaround / Fix
We are currently investigating a workaround on our end. Using OpenTofu instead of Terraform would solve the issue, but we are currently checking the consequences of this migration for existing Building Blocks.
Status: Under investigation — no fix available from HashiCorp yet.
Janny the AI Product Manager
marked this post as
complete
Janny the AI Product Manager
Resolution
This issue has been resolved in meshStack v2026.16.1.
We updated the HashiCorp public signing key used by the Building Block runner when downloading Terraform binaries. This mitigates the upstream key-rotation change in HashiCorp release signing that caused the
openpgp: key expired
verification failures.Terraform binary installation now works correctly for both older supported releases (e.g. 1.4.x/1.5.x) and current releases. No action required on your end.
If you continue to see issues after upgrading, please reach out at support@meshcloud.io.