First time at Zeet?

24 Sep
2023
-
7
min read

The Impact of HashiCorp's License Change on Terraform Users and Providers: What You Need to Know

HashiCorp's announcement to change Terraform's open source license to a proprietary license has caused major backlash. Learn how this controversial license change may impact Terraform users, providers, and the broader DevOps community, as well as options for mitigating risks and alternatives like OpenTofu.

Johnny Dallas

CEO & Co-Founder, Zeet
Platform Engineering + DevOps
Content
heading2
heading3
heading4
heading5
heading6
heading7

Share this article

What Happened with Hashicorp?

Well, HashiCorp certainly threw the DevOps world a curveball on August 10th by re-licensing their popular infrastructure as code tool Terraform under a proprietary Business Source License. As a long-time Terraform user myself, my first reaction was somewhere between shock, confusion, and a healthy dose of side-eye. On the one hand, the new license doesn’t actually change anything about how we currently use Terraform, but it does make the future a lot more uncertain. 

As an engineer who very much prefers using transparent, community-driven tools, that makes me more than a little nervous. I can’t help feeling like this license change violates the spirit of open source that Terraform was built on. For startups and SaaS companies betting big on Terraform, that’s not exactly reassuring. At the very least, it’s a sign that we as a community should avoid lock-in and keep alternative open source options like OpenTofu on our radar. For now, we don’t need to change anything in our Terraform workflows, but we’d be wise to stay alert. 

In this post I wanted to summarize what we know so far and look at how we as a community can look to the future of our favorite open source tools. I tried to strike a balance of being understanding towards HashiCorp's motivations while also advising caution and looking out for Terraform users. Please let me know if you would like me to modify or expand on anything in this post. I'm happy to refine and revisit these ideas, or hear a different point of view.

The New Business Source License: What Changed?

Terraform was previously released under the very permissive Mozilla Public License v2.0 (MPL 2.0) license, but will now be under the BSL. The key difference is that while MPL 2.0 is an open source license, the BSL is a source-available license. That means HashiCorp maintains more control and can relicense Terraform again in the future for any reason.  

Some argue the BSL could be good for Terraform if it provides HashiCorp with additional funding and control over the product roadmap. And I'm hopeful that the benefits to HashiCorp will actually translate into benefits for users and the community. Proprietary licenses tend to primarily benefit the vendors that control them, not the people using the software, so time will tell.  

For users, the implications are a bit murky. On the one hand, HashiCorp has pledged to keep Terraform free and open source "as-is" for now. But the BSL gives them the right to change the license down the road with little notice. The BSL is also less transparent than an open source license like Apache 2.0 or MPL 2.0. HashiCorp no longer has an obligation to disclose changes to the software or be as responsive to community feedback.  

As a startup founder, I'm not against companies making money from open source software or protecting their intellectual property. But there are ways to do that without compromising transparency or trust in the community. The BSL fails on both those fronts, giving HashiCorp alarming levels of control over a tool that so much of our infrastructure relies upon. For a company that built its success on open source, this license change is a step in the wrong direction. 

While the new license doesn't impact how we use Terraform today, it does introduce a lot of uncertainty about the future openness and transparency of the project. This license change is a sign that we should avoid lock-in and keep our options open. At a minimum, we as a community need to keep our options open and avoid putting all our IaC eggs in one basket. For startups and SaaS companies relying heavily on Terraform, that uncertainty is something worth monitoring closely. A "Plan B" may be in order, just in case.

Effects on the Terraform Provider Ecosystem

The provider ecosystem is what gives Terraform its power and versatility. Without continued strong growth and support from third-party providers, Terraform itself becomes far less useful. SaaS companies in particular should keep a close eye on how this license change impacts Terraform’s provider ecosystem, as any major disruptions there could significantly impact their own infrastructure automation and workflows.

For now, HashiCorp claims the new BSL license won’t actually impact any existing Terraform providers. Yet the license does risk reducing trust in the project's future direction. And you have to look at it from the perspective of a provider developer: would you want to invest tons of work into integrating with a tool that could abruptly change its licensing and potentially disrupt your own roadmap? 

If developers ultimately prefer to work with infrastructure tools that have fully open source licenses and more stable, transparent roadmaps, that could really limit the growth of Terraform’s provider ecosystem, which so many of us rely on. As more and more providers second-guess their investment in Terraform, that leaves SaaS companies and startups with fewer options for custom integrations and less flexibility overall. Not an ideal situation if you’ve designed your infrastructure automation around Terraform and its vast provider ecosystem.

Proprietary licenses tend to breed uncertainty, and uncertainty is the last thing most engineers want in their tooling and workflows. While HashiCorp seems to have the best of intentions here and wants to keep investing in Terraform, they may find that the BSL license has unintended consequences. For those of us who have come to depend on Terraform mainly because of its open ecosystem, that’s a less-than-ideal outcome.  

Implications for SaaS Companies and Startups

If I were part of a startup relying heavily on Terraform, I'd have some serious concerns about this license change. While Terraform remains free and open source for now, its future is far less certain. As a small company betting your infrastructure on a tool, that kind of uncertainty is scary. What happens if in a year HashiCorp decides to start charging an enterprise license fee for previously free features you depend on? Or makes changes to the tool that fracture your workflows?  

My advice would be: don't get locked into any single tool. No matter what HashiCorp says, proprietary licenses are designed to benefit the vendor, not the customer. Consider open source alternatives like OpenTofu that provide the same infrastructure as code capabilities but with an open source license and transparent roadmap. That way you have options if Terraform ever goes sideways on you.  

If open source and transparency are important to your business, be sure to provide that feedback to HashiCorp. Let them know that unpredictable or restrictive licensing changes could significantly impact your ability to rely on their tools. HashiCorp - to their credit - has said they want to continue supporting the open source community, so make it clear that's what their customers and users really want and expect from them. We already see the effects of community feedback as HashiCorp has recently licensed a few libraries back to MPL 2.0.

For startups with limited resources, trust and transparency are everything in the tools they choose to build their business on. By advocating for transparent, community-driven projects, we get to help shape the future of open source infrastructure automation. My advice is stay vocal, keep your options open, and avoid lock-in at all costs. 

Community Reaction and the Future of Open Source Terraform

For a tool relied upon by so many, it's no surprise that much of the open source community has reacted negatively to Terraform's license change. The principles of transparency, trust, and community that open source software is built on seem violated by the BSL. 

By re-licensing Terraform under a proprietary, source-available license, HashiCorp has shown that community is secondary to their commercial interests. While that's certainly their prerogative as a business, many feel it goes against the spirit of good faith that should exist between open source vendors and their users. It highlights why we as a community need to support fully open source alternatives to avoid over-reliance on any single vendor or tool. The future of open source infrastructure automation is simply too important to be entirely in the hands of commercial interests. We deserve transparency and trust in the tools we build our systems on.  

For now, Terraform remains unchanged and a perfectly viable option for deploying infrastructure as code packages. My hope is that HashiCorp listens to their community and understands why so many prefer open source tools with clear and permissive licensing. But as users, we must also take responsibility by supporting alternative projects that align better with the principles of openness and trust. 

Consider OpenTofu as an alternative to Terraform

If this license change has you questioning Terraform's future openness, it may be worth checking out OpenTofu, a fork of Terraform managed by the Linux Foundation. OpenTofu's commitment to an open-source, community-driven approach provides several key advantages in this context.

Firstly, OpenTofu is guaranteed to be truly open-source with a well-known and widely accepted license. This gives businesses confidence in the continuity of the project's openness and shields them from sudden license changes and vendor-specific whims that could impact usage rights.

Furthermore, OpenTofu emphasizes community-driven development meaning that all features, fixes, and enhancements are reviewed and accepted based on their merit and value to the community, free from any vendor-specific influence. This leads to a project structure that encourages building and integrating with other tools, fostering a vibrant ecosystem.

Finally, with seeking backward compatibility as one of its goals and assurance of OpenTofu's feature parity with Terraform, the transition to OpenTofu is minimized and managed. OpenTofu also goes the extra mile ensuring compatibility with Terraform versions up to 1.5.x making it an ideal drop-in replacement.

With these key advantages, OpenTofu presents itself as the leading open-source IaC option to Terraform, providing stability amidst the uncertainty sparked by HashiCorp's recent license changes.

For startups and SaaS companies looking to avoid lock-in or have more flexibility in their IaC tooling, OpenTofu is an appealing option. You get the same ability to provision and manage infrastructure across clouds like AWS, Azure, and GCP, but you get a transparent roadmap, ability to contribute, and confidence that OpenTofu will remain free and open for the long haul. For teams that prefer to avoid proprietary tools or remain cloud-agnostic, that's a big plus.

Terraform still has a lot going for it and remains a solid choice for infrastructure automation. Even so, OpenTofu provides compatible functionality with an open source license and focus on community. If nothing else, it's a good open source alternative to keep in your back pocket in case HashiCorp's licensing changes become an issue down the road. At Zeet, we’re supportive and excited to see the community rally around OpenTofu.

The Bottom Line: Transparency Matters

At the end of the day, Terraform's license issue highlights why we as a community need to support transparent, open source tools. While vendors want flexibility and control, users crave agency and stability in the software they rely on. There's no easy answer here, but by making our preferences known and avoiding over-reliance on any single solution, we shape the future of open source infrastructure.

While only time will tell how it all plays out, a few things seem clear:

  1. HashiCorp is going to do what's best for HashiCorp. As they should - they're a business, after all. But that means proprietary control and open source values don't mix well.  
  1. The future of Terraform is a bit hazier, but it remains a solid choice for now. Teams already using Terraform don't need to jump ship immediately or overhaul their workflows. 
  1. OpenTofu provides compatible functionality to Terraform but with an open source license and focus on community. For startups that want to avoid lock-in or have more control over their tooling, you can have it in your back pocket as an option if needed.
  1. Feedback and support for open source tools matter. If you prefer openness and transparency in your infrastructure automation, make your voice heard. And support alternative open source projects to drive continued innovation. 

Ultimately, while "open source" and "proprietary" aren't always mutually exclusive, trust and control are hard to reconcile. Vendors want the flexibility to change course quickly, but users crave stability and agency over tools they rely on. By making our preferences known and avoiding over-reliance on any single solution, we shape the future we want to see. Open source infrastructure is simply too vital to remain in the hands of any one company or product. 

The tale of Terraform's license change is still unfolding, but the moral of the story is clear: keep your options open and bet on transparency. 

Happy shipping!

Subscribe to Changelog newsletter

Jack from the Zeet team shares DevOps & SRE learnings, top articles, and new Zeet features in a twice-a-month newsletter.

Thank you!

Your submission has been processed
Oops! Something went wrong while submitting the form.