Initial thoughts about HashiCorp license changes

The consequences of HashiCorp changing it's licenses from MPL to BSL

A bit of a different blog post today. As of a few hours ago, Terraform's license has been changed from an open source license (MPL) to BSL. This change is not exclusive to Terraform. It applies to all HashiCorp’s open source products.

The announcement from HashiCorp today definitely threw me for a loop. I've contributed to the terraform AWS provider and spent significant time with Vagrant back in college, and Terraform, Packer, and Vault more recently. I have never done significant work with Nomad, Consul, Waypoint or Boundary.

Why did HashiCorp change the license?

It is tremendously difficult to monetize open source dev tools, but I figured HashiCorp had nailed down the recipe. Even though my own team typically uses Terraform without Terraform Cloud and Vault without paying for the managed offerings.

We don’t use managed offerings because we like to control where things run and don't feel like the managed offerings add enough value to us. For teams less intimate with DevOps practices and infrastructure, managed offerings definitely reduce the barrier to using these products.

Upon hearing about this change in licensing, I recalled that HashiCorp is a public company and I did a little bit of digging. Since it’s IPO in December 2021, has lost 67% of its value. The company has not turned a profit, and it’s $137.98M revenue this quarter was eclipsed by its $179.01M of operating expenses. The company’s growth story doesn’t look promising either. Over the last year, HashiCorp’s cash reserves have fallen over 5%. It’s assets during this time have only increased 0.29%.

The promise, and therefore value of HashiCorp’s Terraform Cloud has decreased significantly since it’s IPO. Ironically, I suspect this decrease in value is an indirect consequence of its popularity.

As Terraform has become more popular, more resources and guides are available to enable people to operate independently. Some of these resources include direct competitors to Terraform Cloud itself. Spacelift.io, for instance, offers a direct competitor to Terraform Cloud. Consequently, the promise, and therefore value of HashiCorp’s managed solutions has decreased.

These changes in licensing feel like a desperate response to business pressures and are a frantic attempt to make more money off of existing products.

The move will probably yield some dividends too. By disallowing third parties like Spacelift.io to leverage new versions of terraform, new business will probably naturally shift over to Terraform Cloud. I’m betting Spacelift.io is reeling right now.

What consequences will the license change have for in the marketplace?

Terraform's dominance in the marketplace makes it the de-facto cloud infrastructure provisioning choice for enterprises. The product has a ton of inertia, and enterprise organizational guidance and devops engineers are therefore unlikely to switch to competitors like Pulumi. Terraform’s new license restrictions still allow these enterprises to use Terraform to manage their own infrastructure.

CloudOps platforms that compete directly with Terraform Cloud like Spacelift.io, on the other hand have been more severely kneecapped. These will need to take drastic action to recover from this blow.

A managed solution that is more moderately impacted by this license change is AWS Proton. Proton allows users to run terraform templates on demand within AWS. In this case, where the product isn't a direct competitor to Terraform Cloud, I expect Amazon and HashiCorp to arrive at some kind of symbiotic arrangement.

Other HashiCorp products like Vault and Vagrant, for instance, are more standalone in nature and I don't think people are trying to use them compete with HashiCorp managed offerings to the same extent. As such, the changes in license are even less meaningful.

If I were a betting man, I’d make the following five predictions

1. Until Terraform is forked, system integrators and cloud solution providers will continue to use terraform as usual. The widespread industry adoption of terraform makes it a safe bet. Nobody ever got fired for buying IBM. Because the licenses remain permissive enough for these companies and because the product has enough inertia, little will change.

2. Platforms like Spacelift.io will push alternatives like Pulumi hard, and will consider forking terraform. This change directly attacks their product and responding effectively is existential.

3. Other infrastructure as code tools like PulumiCorp might invest in using this licensing move as an opportunity for differentiation. Knowing Pulumi’s style, I would be unsurprised if they added support for Hashicorp Configuration Language.

4. Terraform providers will probably retain fully open source licenses. If they don't, they will promptly be forked by the Open Source community.

5. Smaller and more innovative companies will start adopting fully open source infrastructure as code platforms. Tools like Pulumi will probably see a decent boost from this. Developers exploring new approaches to infrastructure as code will begin to explore alternatives.

What is the long term prognosis for HashiCorp

I expect that this change in licensing will enable a small boost to HashiCorp in the short term, but I am not buying any stock soon. It seems to me like the current business model is unsustainable. The HashiCorp team needs to cut costs significantly or find a new source of revenue.

Because the products bringing in 85%+ of revenue to HashiCorp are Terraform Cloud and HCP Vault, these products probably consume most of the company’s budget. Given their complexity, I expect that supporting products like Consul and Nomad is probably reasonably expensive too. Resources will probably be diverted away from these products.

I’m not sure what HashiCorp is doing to innovate, but I don’t think these license changes will change the company’s fortune significantly in the long term. The company will need to pull another hit product out of its hat if it is to succeed.

Will I continue to use Terraform and Vault?

For personal use and our app modernization projects, I gradually moved away from Terraform almost 2 years ago. These days, I prefer to use Cloud Provider-native secrets management solutions to Vault, and Pulumi to Terraform as my IaC solution of choice.

With that said, my team is a team of system integrators. It is our job to meet customers where they are, and if a customer’s engineers are trained on terraform, I don’t think these license changes are substantial enough to warrant a change in recommendations. Terraform remains a mature product, and I expect that I will continue to use it for years to come.

At least until infrastructure-from-code frameworks like Eventual Cloud and getAmpt go mainstream or Pulumi get the love they deserve.