On 10 August 2023, HashiCorp announced that it was moving Terraform and the rest of its product suite to the Business Source License v1.1 (BSL). Beyond the technical news, this move deserves analysis: it reflects a growing tension between companies that create infrastructure software and cloud providers that monetise it without contributing.
Here we break down what legally changed, why HashiCorp did it, and what precedents exist in the industry.
What the BSL Says Exactly
The Business Source License isn’t an open-source license in the strict sense (not OSI-approved). Its key points:
- Free use allowed for any purpose that isn’t “production usage that competes with HashiCorp commercial offerings”.
- Broad definition of competition: offering a managed service or product whose principal value derives from the software under BSL.
- Automatic change to MPL 2.0 after 4 years (“Change Date” clause). Today’s code will be MPL in August 2027.
- Code access without restriction, including the right to modify and redistribute, within the limits of the competition clause.
In practice, for a company that uses Terraform internally to manage its infrastructure, nothing changes. For a company building a product on Terraform, it depends on how close that product is to HashiCorp’s business.
Why HashiCorp Did It
HashiCorp isn’t the first company to make this move. The publicly stated motivation and the underlying one converge:
- Cloud-provider free-riding. AWS, Azure, and GCP offer managed services built on Vault, Consul, and similar products without contributing financially to their development. For a publicly traded company with a duty to its shareholders, this is hard to justify long-term.
- SaaS competition built on the core. Spacelift, env0, Terraform Cloud alternatives — all live off a core HashiCorp maintains at its expense.
- Monetisation pressure. HashiCorp went public in 2021. Profitability matters more than at a private company.
It’s a business decision consistent with its incentives. If it angers you, that’s valid — but recognise that the “pure open source + vendor managed service” model has rarely worked long-term when hyperscalers are in the market.
The Precedent of Other Companies
HashiCorp isn’t alone on this path:
- MongoDB (2018): from AGPL to SSPL (Server Side Public License), also non-OSI-approved.
- Elastic (2021): from Apache 2.0 to “Elastic License v2” + SSPL as dual license.
- CockroachDB (2019): to BSL.
- Sentry (2019): to BSL.
- MariaDB MaxScale: to BSL.
The pattern is clear: companies that sustain critical open-source software are migrating toward licenses that protect their business against hyperscalers, accepting loss of the strict “open source” label.
The ecosystem’s response is also predictable: each change generates a fork. AWS forked Elasticsearch creating OpenSearch. The Linux Foundation embraced OpenTofu in response to Terraform.
Real Impact for Typical Users
If your Terraform usage is:
- Internal IaC managing your own infra: nothing changes legally. You still get updates, providers, everything.
- CI pipeline with Atlantis: nothing changes.
- Applying Terraform templates at consulting clients: nothing changes as long as you don’t offer a managed Terraform product or service as such.
- Building a SaaS product where Terraform is a main component: this is the case that is affected. You need legal advice or a move to OpenTofu.
For 95% of teams, the change is a political footnote, not an operational issue.
The Intangible Loss
What is lost — and why many in the community feel it badly — is trust in open source’s implicit contract. Adopting Terraform in 2018 implied a community commitment: the code will always be free, you can fork it if HashiCorp disappears, you can contribute and benefit. The BSL alters that contract unilaterally, though existing versions keep their original licenses.
For future infrastructure projects, this lesson matters: neutral governance (Linux Foundation, CNCF, Apache Foundation) offers guarantees a single vendor cannot, no matter their initial good faith.
Future Trends
Expect more of this in coming years. Companies with critical open-source software and SaaS-based business models will look for similar protections. The OSI is debating how to modernise its open-source definition. Foundations are positioning themselves as neutral custodians, more relevant than ever.
For technology leaders, two pieces of advice:
- Audit your critical open-source dependencies. Who controls them? What happens if they change licenses? Is there a reasonable alternative?
- Prefer projects in neutral foundations for new critical infrastructure. Legal stability over 5+ years matters.
Conclusion
Terraform’s license change is a symptom of structural tension between creators and monetisers of infrastructure software. It’s legitimate and predictable from a business standpoint; it’s painful from a community standpoint. OpenTofu’s existence reduces technical impact, but the debate over what “open source” means in 2023 remains open.