
What is .terraform.lock.hcl?

In the cloud-platform-infrastructure repo, each layer has its own .terraform.lock.hcl file.

The lock file pins provider versions. Terraform providers manage resources by communicating between Terraform and the target APIs. For example, the kubectl provider allows Terraform to take HCL code and run kubectl commands.

The lock file ensures that every user is using the same providers. This is important because different providers can deploy resources differently, resulting in inconsistent applies on each machine.

Every time you run the terraform init command, Terraform creates or updates the .terraform.lock.hcl file.

There are 2 aspects to pinning providers:

  1. the Terraform code that specifies version constraints
  2. the .terraform.lock.hcl dependency lock file, which contains the specific hashes for the version to be used

Working with .terraform.lock.hcl files

Due to the architecture difference between our Mac m* chips and the pipeline, every time a user runs terraform init it will make changes to the .terraform.lock.hcl file. This diff is sometimes misleading.

Rules

  • Do not commit the lock file if you have not changed any provider versions
  • If you make changes to any provider versions then you should use the command below to add a platform compatible lock file

Committing changes to the lock file

Because the team is mainly on Mac m* chips, we are generally running a different architecture (arm64) to the Terraform that will run in the pipeline (amd64). Therefore, if you want to commit a compatible lock file, you must run the following command before adding it to git:

terraform providers lock -platform=linux_amd64
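
One way to apply the rules above in a pre-commit or CI check, as an added example (not code from the cloud-platform repo): it compares the committed lock file with the working copy and reports whether only hashes changed or a provider version changed. The sample lock files, version numbers and hash strings are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample lock files; hash strings are placeholders, not real checksums.
COMMITTED = '''provider "registry.terraform.io/hashicorp/aws" {
  version     = "5.0.0"
  constraints = "~> 5.0"
  hashes = [
    "h1:PLACEHOLDER-A",
    "zh:PLACEHOLDER-B",
  ]
}
'''
# Same version, one extra hash: the kind of diff a local `terraform init` can leave behind.
AFTER_LOCAL_INIT = COMMITTED.replace('"h1:PLACEHOLDER-A",',
                                     '"h1:PLACEHOLDER-A",\n    "h1:PLACEHOLDER-C",')
# Version bump: the case where the lock file should be regenerated and committed.
AFTER_UPGRADE = COMMITTED.replace('"5.0.0"', '"5.1.0"').replace("PLACEHOLDER-A", "PLACEHOLDER-D")

PROVIDER_RE = re.compile(r'provider\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)

def parse_lock(text):
    """Return {provider source: (version, frozenset of hashes)}."""
    providers = {}
    for source, body in PROVIDER_RE.findall(text):
        version = re.search(r'^\s*version\s*=\s*"([^"]+)"', body, re.M)
        block = re.search(r'hashes\s*=\s*\[(.*?)\]', body, re.S)
        hashes = re.findall(r'"([^"]+)"', block.group(1)) if block else []
        providers[source] = (version.group(1) if version else None, frozenset(hashes))
    return providers

def classify_change(committed, working):
    """Classify a lock file diff as 'unchanged', 'hash-only' or 'version-change'."""
    old, new = parse_lock(committed), parse_lock(working)
    missing = (None, frozenset())
    names = old.keys() | new.keys()
    # Added, removed or re-versioned providers all count as a version change.
    versioned = sorted(p for p in names if old.get(p, missing)[0] != new.get(p, missing)[0])
    if versioned:
        return "version-change", versioned
    hash_only = sorted(p for p in names if old.get(p, missing)[1] != new.get(p, missing)[1])
    if hash_only:
        return "hash-only", hash_only
    return "unchanged", []

if __name__ == "__main__":
    for label, text in [("local init", AFTER_LOCAL_INIT), ("upgrade", AFTER_UPGRADE)]:
        print(label, classify_change(COMMITTED, text))
```

A "hash-only" result corresponds to the first rule (do not commit the lock file); a "version-change" result corresponds to the second (regenerate with the command above before committing).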

Further reading

This page was last reviewed on 3 April 2024. It needs to be reviewed again on 3 October 2024 by the page owner #cloud-platform.