BSL License Risk Advisory

As of August 2023, HashiCorp moved Terraform, Vault, Consul, Nomad, and Packer from an open source license to the Business Source License 1.1. IBM later acquired HashiCorp. The Business Source License restricts competitive production use and converts to an open license only after a delay, commonly four years. For most enterprises the headline is simple: a tool you adopted as open source now carries terms that depend on how you use it, and the change reaches versions you are likely to upgrade to.

BSL license risk advisory exists to make that exposure legible. We start by finding every place the affected products run, direct and embedded, then separate the deployments that sit comfortably inside the license from the ones that do not. The result is a clear, current picture you can take to procurement, engineering, and your board.

What the Business Source License changes for you

The Business Source License is source available, not open source. It is not approved by the Open Source Initiative. The core restriction is on competitive use: you may not offer the software as a product that competes with the licensor. For an internal platform team that line may be easy to stay behind. For a managed service provider or a vendor that embeds the tooling, the line is exactly where the risk lives. We size that distinction for your business rather than reading the worst case onto every deployment.

The advisory also accounts for the conversion clause. Each version converts to an open license after the stated delay, so the exposure on an old release differs from the exposure on a current one. We map that timeline against your upgrade cadence so you know which decisions are urgent and which can wait.

Your options: fork, license, or stay

There are three honest paths, and we weigh them on equal terms. You can move to OpenTofu, the community fork of Terraform published under an open license, where that fits your modules and providers. You can take a commercial license from the vendor where the relationship and the feature set justify it. Or you can stay on the version you have, understanding the support and conversion timeline that comes with it. Each path carries an engineering cost, a license posture, and a timeline, and we attach all three so the choice holds up under scrutiny.

For the full picture of the HashiCorp change and the fork landscape, see our pillar on HashiCorp and Terraform licensing. When the right answer is a negotiated agreement, our relicensing exposure review sizes the deal from your side of the table.

Why a buyer side advisor

We sell no tooling and take no vendor commission. We are paid only by you. That matters most when the options include a commercial license, because the advisor recommending the deal should not be the party who benefits from it. Our recommendation reflects your exposure and your leverage, nothing else. You can read more about why our independence matters.