The Problem
My CI/CD pipeline (Linux) started failing with:
Error: Failed to install provider
The current package for registry.terraform.io/hashicorp/aws 5.50.0 doesn't
match any of the checksums previously recorded in the dependency lock file.
But terraform init worked fine on my Mac.
What Happened
The .terraform.lock.hcl file was generated on macOS and committed. It only included checksums for the darwin/arm64 platform. When the Linux CI runner tried to use the same lock file, the Linux checksums weren't there.
The Fix
# Add checksums for all platforms you use
terraform providers lock \
-platform=linux_amd64 \
-platform=linux_arm64 \
-platform=darwin_amd64 \
-platform=darwin_arm64 \
-platform=windows_amd64
# Commit the updated lock file
git add .terraform.lock.hcl
git commit -m "chore: add multi-platform provider checksums"
This regenerates the lock file with checksums for all specified platforms, so CI and local dev both work.
Alternative: Upgrade Lock File in CI
If you don't want to commit platform-specific hashes:
# In CI pipeline, add -upgrade to allow lock file updates
terraform init -upgrade
But this bypasses version pinning, which is worse. The providers lock approach is the right fix.
Root Cause
The .terraform.lock.hcl is designed to be committed. But it needs to include checksums for all platforms that will run terraform init. Generate it properly once, commit it, done.
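A pre-merge check for the condition described above, added here as an example (it is not part of Terraform). The lock file does not label hashes by platform, so the check relies on an assumption: each platform's package has its own h1: hash, and a provider with fewer h1: entries than platforms is under-locked. The sample lock file, its constraint and its hash values are constructed placeholders.

```python
import re
import sys

# Constructed sample: a lock file as committed from a single platform.
# Hash values and the constraint are placeholders, not real checksums.
SAMPLE_LOCK = '''
provider "registry.terraform.io/hashicorp/aws" {
  version     = "5.50.0"
  constraints = "~> 5.0"
  hashes = [
    "h1:PLACEHOLDER_DARWIN_ARM64=",
    "zh:placeholder0001",
    "zh:placeholder0002",
  ]
}
'''

# A provider block ends at the first closing brace in column 0.
PROVIDER_RE = re.compile(r'provider\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
HASH_RE = re.compile(r'"(h1|zh):([^"]+)"')


def h1_counts(lock_text):
    """Map each provider address to its number of distinct h1: hashes."""
    counts = {}
    for addr, body in PROVIDER_RE.findall(lock_text):
        h1 = {value for scheme, value in HASH_RE.findall(body) if scheme == "h1"}
        counts[addr] = len(h1)
    return counts


def under_locked(lock_text, platforms):
    """Providers with fewer h1: hashes than platforms running terraform init.

    Heuristic (assumption): one distinct h1: hash per platform package.
    """
    need = len(set(platforms))
    return sorted(a for a, n in h1_counts(lock_text).items() if n < need)


if __name__ == "__main__":
    # Usage: check_lock.py linux_amd64 darwin_arm64   (script name is hypothetical)
    with open(".terraform.lock.hcl", encoding="utf-8") as fh:
        missing = under_locked(fh.read(), sys.argv[1:])
    for addr in missing:
        print(f"{addr}: fewer h1 hashes than platforms; run terraform providers lock")
    sys.exit(1 if missing else 0)
```
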