- **HCP Certificate Authentication Support**– by @JenGoldstrich ([#13435](https://github.com/hashicorp/packer/pull/13435))
Adds support for the `HCP_CRED_FILE` environment variable and removes restrictions on `HCP_CLIENT_ID` and `HCP_CLIENT_SECRET` when connecting builds to an HCP Packer registry.
- **Upgrade Node.js to v22**– by @LeahMarieBush ([#13450](https://github.com/hashicorp/packer/pull/13450))
Updates the Node.js version used for Packer website builds.
---
## 🐛 Bug Fixes
- **fix(winrm): catch cmd err from winrm**– by @anurag5sh in ([#298](https://github.com/hashicorp/packer-plugin-sdk/pull/298))
Improved reliability by catching WinRM remote shell failures during provisioning
- **PowerShell wrapper cleanup**– by @kp2099 ([#13451](https://github.com/hashicorp/packer/pull/13451))
Removed the unused `$result` variable from the wrapper string.
- **fix tests for shell and shell-local**– by @kp2099 in ([#300](https://github.com/hashicorp/packer-plugin-sdk/pull/300))
Acceptance test fixes for shell and shell-local
---
## 🛠 Improvements
- Added workflow-dispatch and set `PACKER_ACC_BUILDERS` for acceptance tests – by @kp2099 ([#13444](https://github.com/hashicorp/packer/pull/13444))
- Improved spacing in `hcl2template` error messages – by @sbraz ([#13453](https://github.com/hashicorp/packer/pull/13453))
- Added callouts for HashiCorp-maintained plugins moving to [releases.hashicorp.com](https://releases.hashicorp.com) – by @BrianMMcClain ([#13438](https://github.com/hashicorp/packer/pull/13438))
---
## 📦 Dependencies
- Bump `github.com/ulikunitz/xz` from **0.5.10 → 0.5.14**– by @dependabot ([#13459](https://github.com/hashicorp/packer/pull/13459))
- Bump `golang.org/x/oauth2` from **0.13.0 → 0.27.0**– by @dependabot ([#13460](https://github.com/hashicorp/packer/pull/13460))
- Bump `github.com/ulikunitz/xz` from **0.5.10 → 0.5.15**– by @kp2099 ([#13461](https://github.com/hashicorp/packer/pull/13461))
- Bump `github.com/hashicorp/packer-plugin-sdk` from **0.6.2 → 0.6.3**– by @kp2099 ([#13462](https://github.com/hashicorp/packer/pull/13462))
---
## 👩💻 New Contributors
- @LeahMarieBush made their first contribution in [#13450](https://github.com/hashicorp/packer/pull/13450) 🎉
// NewClient returns an authenticated client to a HCP Packer Registry.
// Client authentication requires the following environment variables be set HCP_CLIENT_ID and HCP_CLIENT_SECRET.
// Upon error a HCPClientError will be returned.
funcNewClient()(*Client,error){
if!env.HasHCPCredentials(){
hasAuth,err:=env.HasHCPAuth()
iferr!=nil{
returnnil,&ClientError{
StatusCode:InvalidClientConfig,
Err:fmt.Errorf("Failed to check for HCP auth, error: %s",err.Error()),
}
}
if!hasAuth{
returnnil,&ClientError{
StatusCode:InvalidClientConfig,
Err:fmt.Errorf("the client authentication requires both %s and %s environment variables to be set",env.HCPClientID,env.HCPClientSecret),
Err:fmt.Errorf("HCP Authentication not configured, either set an HCP Client ID and secret using the environment variables %s and %s, place an HCP credential file in the default path (%s), or at a different path specified in the %s environment variable.",env.HCPClientID,env.HCPClientSecret,env.HCPDefaultCredFilePathFull,env.HCPCredFile),
// Client crendential authentication requires the following environment variables be set; `HCP_CLIENT_ID` and `HCP_CLIENT_SECRET`.
hasClientCredentials:=HasHCPClientCredentials()
// Client certificate authentication requires a valid HCP certificate file placed in either the default location (~/.config/hcp/cred_file.json) or at a location specified in the `HCP_CRED_FILE` env var
hasCertificate,err:=HasHCPCertificateFile()
iferr!=nil{
returnfalse,err
}
ifhasClientCredentials&&hasCertificate{
fmt.Printf("HCP Client Credentials (HCP_CLIENT_ID/HCP_CLIENT_SECRET environment variables) and certificate (HCP_CRED_FILE environment variable, or certificate located at default path (%s) are both supplied, only one is required. The HCP SDK will determine which authentication mechanism to configure here, it is reccomended to only configure one authentication method",HCPDefaultCredFilePathFull)
Detail:fmt.Sprintf("Failed to check for HCP authentication, error: %s",err.Error()),
Severity:hcl.DiagError,
})
}elseif!hasAuth{
diags=append(diags,&hcl.Diagnostic{
Summary:"HCP authentication information required",
Detail:fmt.Sprintf("The client authentication requires both %s and %s environment "+
"variables to be set for authenticating with HCP.",
env.HCPClientID,
env.HCPClientSecret),
Summary:"HCP authentication information required",
Detail:fmt.Sprintf("HCP Authentication not configured, either set an HCP Client ID and secret using the environment variables %s and %s, place an HCP credential file in the default path (%s), or at a different path specified in the %s environment variable.",env.HCPClientID,env.HCPClientSecret,env.HCPDefaultCredFilePath,env.HCPCredFile),
Starting August 1st, 2025, the source for many official HashiCorp-maintained Packer plugins is moving from GitHub releases to the official HashiCorp release site, [releases.hashicorp.com](https://releases.hashicorp.com). Refer to [Install HashiCorp-maintained plugins](/packer/docs/plugins/install#install-hashicorp-maintained-plugins) for more information.
</Note>
The `packer build` command takes a template and runs all the builds within it
in order to generate a set of artifacts. The various builds specified within a
template are executed in parallel, unless otherwise specified. And the
Starting August 1st, 2025, the source for many official HashiCorp-maintained Packer plugins is moving from GitHub releases to the official HashiCorp release site, [releases.hashicorp.com](https://releases.hashicorp.com). Refer to [Install HashiCorp-maintained plugins](/packer/docs/plugins/install#install-hashicorp-maintained-plugins) for more information.
</Note>
The `packer init` command initializes Packer according to an HCL template configuration. Refer to [Installing Plugins](/packer/docs/plugins/install) for additional information about installing plugins.
Starting August 1st, 2025, the source for many official HashiCorp-maintained Packer plugins is moving from GitHub releases to the official HashiCorp release site, [releases.hashicorp.com](https://releases.hashicorp.com). Refer to [Install HashiCorp-maintained plugins](/packer/docs/plugins/install#install-hashicorp-maintained-plugins) for more information.
</Note>
The `packer plugins install` command downloads and installs the most recent version of a plugin binary. Refer to [Installing Plugins](/packer/docs/plugins/install) for additional information about installing plugins.
You can use HCP Packer with both JSON and HCL2 templates. If you are using JSON templates, we recommend getting started with
the [HCP Packer environment variables](#hcp-packer-environment-variables) and then migrating to HCL when possible.
## Requirements
## Requirements
Packer version 1.9.1 or newer is required to use the `HCP_PROJECT_ID` environment variable, which lets Packer connect to specific projects in HCP. Your builds will fail if you configure them to send mulit-project metadata using Packer versions older than 1.9.1.
@ -35,7 +35,9 @@ changing your template. You can use environment variables with both JSON and HCL
Refer to [Basic Configuration With Environment Variables](/hcp/docs/packer/store-image-metadata/packer-template-configuration#basic-configuration-with-environment-variables)
in the HCP Packer documentation for complete instructions and examples.
You must set the following environment variables to enable Packer to push metadata to a registry.
You must set authentication environment variables to connect to HCP Packer, you can either directly set a client ID and secret, or (on Packer versions 1.14.2 and later) use an HCP certificate file
For client ID and secret, you set the following environemnt variables
- `HCP_CLIENT_ID` - The HCP client ID of a HashiCorp Cloud Platform service principle that Packer can use to
authenticate to an HCP Packer Registry.
@ -43,6 +45,10 @@ authenticate to an HCP Packer Registry.
- `HCP_CLIENT_SECRET` - The HCP client secret of the HashiCorp Cloud Platform service principle that Packer
can use to authenticate to an HCP Packer Registry.
For certificate based auth simply specify the location of the valid HCP certificate file in the `HCP_CRED_FILE` environment variable, or place it in the default location for the HCP SDK, `~/.config/hcp/cred_file.json`
See the following HCP docs for more information on [Workload Identity Federation](https://developer.hashicorp.com/hcp/docs/hcp/iam/service-principal/workload-identity-federation) and certificate authentication
- `HCP_PACKER_BUCKET_NAME` - The name of the HCP Packer Bucket where you want HCP Packer to store artifact metadata
from builds associated with your template. HCP Packer automatically creates the bucket if it does not already exist.
If your HCL2 template contains an `hcp_packer_registry` block, the bucket name specified in the configuration will be
Starting August 1st, 2025, the source for many official HashiCorp-maintained Packer plugins is moving from GitHub releases to the official HashiCorp release site, [releases.hashicorp.com](https://releases.hashicorp.com). Refer to [Install HashiCorp-maintained plugins](/packer/docs/plugins/install#install-hashicorp-maintained-plugins) for more information.
</Note>
This topic provides overview information about installing and loading Packer plugins. Plugins are standalone applications that perform additional tasks during each build.
Starting August 1st, 2025, the source for many official HashiCorp-maintained Packer plugins is moving from GitHub releases to the official HashiCorp release site, [releases.hashicorp.com](https://releases.hashicorp.com). Refer to [Install HashiCorp-maintained plugins](#install-hashicorp-maintained-plugins) for more information.
</Note>
This topic describes how to install external plugins for Packer. Refer to [Packer Plugins Overview](/packer/docs/plugins) for additional information about plugins.
## Overview
@ -29,9 +35,13 @@ Note that Packer checks the plugin installation directory against the `required_
By default, Packer installs plugins into the plugins directory at `$HOME/.config/packer/plugins` on Unix and `%APPDATA%\packer.d\plugins` on Windows, but you can specify a different directory using the `PACKER_PLUGIN_PATH` environment variable.
~> Note: Plugin installation requires access to temporary files under `TMPDIR`. If the system's temp directory is non-writable or non-executable, use TMPDIR to override the location of the temporary file store used by Packer.
<Note>
Plugin installation requires access to temporary files under `TMPDIR`. If the system's temp directory is non-writable or non-executable, use TMPDIR to override the location of the temporary file store used by Packer.
Refer to the [Packer configuration reference](/packer/docs/configure) for additional information.
</Note>
## Requirements
To install a plugin from a remote source, the plugin must meet the following requirements:
@ -69,11 +79,22 @@ pinning plugin versions for build reproducibility. Refer to the [`packer` block
1. Run the `packer init` command. Packer lists all installed plugins then installs the latest plugin version matching the version constraints specified in the `required_plugins` block. Refer to the [`init` command reference](/packer/docs/commands/init) for additional information.
~> Note: With the new Packer release starting from version 1.14.0, the packer init command will automatically install official (Amazon, Ansible, Azure, Docker, GoogleCloudPlatform, Qemu, Vagrant, VirtualBox) plugins from the [HashiCorp release site](https://releases.hashicorp.com/).
These official plugins will now be released through the official release site only.
## Install HashiCorp-maintained plugins
HashiCorp now makes the following official HashiCorp-maintained plugins available through the [HashiCorp release site](https://releases.hashicorp.com/).
Going forward, to use newer versions of official Packer plugins, you'll need to upgrade to Packer version 1.14.0 or later. If you're using an older version, you can still install plugins, but as a workaround, you'll need to [manually install them using the CLI](https://developer.hashicorp.com/packer/docs/plugins/install#manually-install-plugins-using-the-cli).
There is no change to the syntax or commands for installing plugins.
Starting in Packer 1.14.0, Packer automatically installs these plugins from the new release source, and you do not need to make any changes to your Packer templates. To continue to automatically receive updates to these plugins, you must upgrade to Packer 1.14.0 or newer. If you cannot upgrade your version of Packer, you can still install new versions of these plugins manually. Refer to [Manually install plugins using the CLI](#manually-install-plugins-using-the-cli) for more information.
Refer to the [`packer plugins install`](/packer/docs/commands/plugins/install) reference for additional information.
## Upgrade plugins
To upgrade plugins that are already installed, run the `packer init` with the `--upgrade` flag. Packer retrieves the latest versions of installed plugins specified in the template configuration.
@ -110,7 +130,6 @@ Refer to [`packer init` command](/packer/docs/commands/init) for additional info
## Use a plugin under development
If a development binary, such as a manually-built binary, is available at the specified source, Packer uses it in the build if it is the highest compatible version installed and if no final plugin version with the same version number is installed alongside it.
In the following example, version `1.1.0` or newer is required:
@ -155,7 +174,6 @@ When a non-development version of 1.1.1 becomes available, the binary takes prec
kp2099
7 months ago
committed by
GitHub