OpenTofu registry is missing GPG keys for this provider

[pascal-hofmann]

I noticed the public GPG key of this provider is missing in the OpenTofu module registry.

Note: For security reasons, it has to be submitted by the provider author for the OpenTofu registry to accept it.

You can follow this link to submit it: Submit new Provider Signing Key

If you don't have access to the public key anymore, it can be extracted from the terraform registry:

curl 'https://registry.terraform.io/v1/providers/nairb774/flipflop/0.2.0/download/linux/amd64' | jq --raw-output '.signing_keys | .gpg_public_keys | .[0] | .ascii_armor'

I attached the key for reference:
flipflop_registry_key.pub.txt

Background

• OpenTofu is a fork of Terraform that is open-source, community-driven, and managed by the Linux Foundation.
• Hashicorp silently changed the Terms of Service for the terraform provider registry to disallow usage with things other than terraform, so OpenTofu had to build its own registry.

Terraform OpenTofu Version

$ tofu --version
OpenTofu v1.7.1
on darwin_amd64

Expected Behavior

Provider is downloaded and verified.

Actual Behavior

Signature validation was skipped:

- Installed nairb774/flipflop v0.2.0. Signature validation was skipped due to the registry not containing GPG keys for this provider

Steps to Reproduce

• Install OpenTofu
• Run tofu init in any project using this provider.

[nairb774]

Thanks for bringing this to my attention. I have no issues with making this provider available to both Terraform and OpenTofu users so long as the compatibility overhead remains manageable.

I want to acknowledge that I've seen this issue. I will attempt to resolve it when I have the opportunity, but I can't give a timeline on when that might happen.