RepoJournal
HashiCorp

@hashicorp

Terraform, Vault, Consul — infra-as-code for ops teams

TFE TOKEN POLICY LANDS, CONSUL K8S 2.0 BREAKS GROUND, SECURITY PATCHES ROLL

By RepoJournal

Terraform Enterprise gains token TTL enforcement while Consul K8s ships its biggest breaking change yet, and three separate security updates patch Go vulnerabilities across the platform.

The Terraform provider for TFE just merged a new resource for token time-to-live policies [1], letting organizations enforce maximum lifespans on API tokens and auto-revoke anything that exceeds the limit. This is the credential hygiene upgrade teams have been waiting for.

Meanwhile, Consul K8s 2.0.0 dropped today [2] with a breaking change to the API gateway controller and Go 1.26 to close security gaps, requiring compatibility checks against Consul 2.0.x before you upgrade. The same security hole that prompted the 2.0 release also hit the maintenance branches: both 1.8.13 and 1.9.8 patched x/net to 0.55.0 to resolve GO-2026-4918 [3] [4], and both also fix incorrect FIPS version checks that were spamming logs.

Over in Packer land, the SDK gained native support for macOS command and option keys in boot commands [6], finally making it natural to automate Mac builds. The Google Compute plugin fixed a serialization bug where an empty ShieldedVMStateConfig was leaking into API requests [5], and the Amazon plugin has vulnerability patches in flight [7].

References

  [1] New resource 'tfe_org_max_token_ttl_policy' to create/update token time to live (hashicorp/terraform-provider-tfe)
  [2] v2.0.0 (hashicorp/consul-k8s)
  [3] v1.8.13 (hashicorp/consul-k8s)
  [4] v1.9.8 (hashicorp/consul-k8s)
  [5] fix: avoid sending empty ShieldedInstanceInitialState on image create (hashicorp/packer-plugin-googlecompute)
  [6] Add bootcommand mappings for left/right command and option keys (hashicorp/packer-plugin-sdk)
  [7] Vunerablity Fix for the crypto and net (hashicorp/packer-plugin-amazon)

FAQ

What changed in HashiCorp on May 25, 2026?
Terraform Enterprise gains token TTL enforcement while Consul K8s ships its biggest breaking change yet, and three separate security updates patch Go vulnerabilities across the platform.
What should HashiCorp teams do about it?
  • Upgrade Consul K8s to 1.8.13 or 1.9.8 immediately for GO-2026-4918 patch
  • Review Consul K8s 2.0.0 compatibility matrix before next platform upgrade
  • Merge new TFE token TTL policy resource into your IaC workflow
Which HashiCorp repositories shipped on May 25, 2026?
hashicorp/terraform-provider-tfe, hashicorp/consul-k8s, hashicorp/packer-plugin-googlecompute, hashicorp/packer-plugin-sdk, hashicorp/packer-plugin-amazon
