HashiCorp has announced the general availability of version 7.0 of the Terraform provider for Google Cloud, introducing new features focused on improving security and validation across infrastructure code. In the announcement, the company said the release “continues to expand on these security-first features” and is intended to help teams safely and predictably manage their Google Cloud resources at scale. The release aligns with Google’s broader support for Terraform as part of its Infrastructure Manager documentation, which provides official guidance for deploying resources on Google Cloud.
The provider has now surpassed 1.4 billion downloads and supports more than 800 resources and 300 data sources. Version 7.0 builds on capabilities introduced in recent Terraform releases, including ephemeral resources and write-only attributes, both designed to keep sensitive data out of Terraform state files.
Ephemeral resources, supported since Terraform 1.10, allow teams to generate short-lived credentials that never touch persistent state. According to the announcement, the update adds support for new ephemeral types, including google_service_account_access_token, enabling temporary credentials to be used securely during plan or apply operations. Write-only attributes, introduced in Terraform 1.11, extend this concept by allowing secrets such as passwords or API keys to be sent to the API without being recorded. The company added that the release expands the use of write-only attributes across additional resources, ensuring that sensitive values remain transient and confidential.
Version 7.0 also enforces stricter schema validation to catch configuration errors earlier. Attributes that the Google Cloud API effectively requires are now treated as mandatory, meaning validation happens during planning rather than at apply time. Some attributes have been deprecated or renamed to align with current Google Cloud APIs, prompting users to review configurations before upgrading.
As a major version, the release introduces breaking changes. The official upgrade guide advises migrating first to the latest 6.x release and testing in non-production environments. The release notes confirm these changes, listing the removal of deprecated resources, such as google_beyondcorp_application, and new additions, like google_network_services_wasm_plugin.
Florin Lungu, a maintainer of the provider, described the release on LinkedIn as one that “introduces ephemeral resources, write-only attributes, and validation logic”, reflecting a broader shift toward stronger security and reliability in Terraform’s cloud integrations.
For organisations managing infrastructure at scale, version 7.0 delivers meaningful improvements in how secrets and configurations are handled. Secrets are less likely to leak through Terraform state, and validation now catches errors earlier in the lifecycle. While migration may require effort, the enhanced security model is likely to appeal to teams seeking greater assurance over infrastructure automation.
