Starexe
📖 Tutorial

Unveiling Latest Terraform Enhancements: Cost Insights, Project Controls, and More

Last updated: 2026-05-17 20:53:29 Intermediate

In recent months, HashiCorp has rolled out a suite of improvements to HCP Terraform and Terraform Enterprise, aimed at giving organizations greater visibility into infrastructure costs, more granular control over resource sharing, and stronger governance across the entire lifecycle. These new features—now generally available or in beta—address key pain points for platform teams, from understanding where money is being spent to securely managing cross-project dependencies. Below, we break down the most impactful additions and how they can transform your infrastructure management.

1. What are billable resource analytics and how do they help?

Billable resource analytics, now generally available for HCP Terraform, bring unprecedented transparency to resource consumption. Previously, organizations using resources under management (RUM)-based billing could only see total costs at the organizational level—hiding which projects or workspaces were driving expenses. The new feature provides a self-service view that breaks down billable managed resources by project and workspace, enabling decision-makers to identify high-consumption areas, predict future costs, and eliminate waste. With this granularity, teams can proactively adjust resource allocation, right-size deployments, and tie infrastructure spending directly to business priorities. For example, an engineering lead can spot an oversized staging environment and downsize it before the next invoice. The data is accessible via the existing usage page for any paid HCP Terraform plan, making cost optimization an immediate, actionable step rather than a reactive scramble.

Source: www.hashicorp.com

2. How does project-level remote state sharing improve data access?

Project-level remote state sharing, now generally available, solves a common dilemma for platform teams managing large-scale infrastructure on HCP Terraform and Terraform Enterprise. Previously, sharing state data across workspaces meant exposing it broadly, creating security risks and making it hard to control dependencies. The new capability allows administrators to define exactly which projects can consume remote state from specific workspaces. This granularity means a team working on networking can securely access state from a database workspace without giving them full write access or exposing unrelated resources. The result: platform teams can enforce least-privilege data sharing, reduce coordination bottlenecks, and enable faster, safer collaboration across multiple projects. Combined with billable resource analytics, you gain both cost and access visibility to optimize your infrastructure lifecycle.

3. What is module testing for dynamic credentials?

Module testing for dynamic credentials, now generally available, extends Terraform's robust testing framework to modules that generate temporary credentials. Previously, testing modules that rely on dynamic credentials (e.g., database passwords or cloud provider tokens) required complex workarounds or manual verification. This new feature enables developers to write automated tests that validate credential generation, rotation, and expiration within standard module tests. By integrating credential lifecycle testing directly into the CI/CD pipeline, teams catch misconfigurations early—reducing the risk of oversight that could lead to security breaches. For instance, a module that dynamically creates IAM roles can now be tested to ensure credentials expire after the expected duration and are not leaked into logs. This strengthens governance by making credential management as testable as any other infrastructure resource, aligning security with DevOps practices.

4. How do project-level notifications enhance governance?

Project-level notifications, now generally available, give platform teams a powerful tool for real-time governance. Previously, notifications could only be set at the organizational level, causing noise for some teams and gaps for others. Now, administrators can configure alerts per project—for example, notifying only the data-engineering team when a workspace in their project fails a run or reaches a quota threshold. This targeted approach reduces alert fatigue and ensures the right people act on critical events. It also supports compliance by enabling auditing teams to receive only relevant project updates without wading through organization-wide messages. The feature works seamlessly with existing notification channels (Slack, webhooks, email) and can be combined with state sharing rules to create a robust feedback loop: if a shared state update fails, the consuming project gets an immediate alert while the upstream team remains undisturbed.

5. What benefits does registry tagging bring?

Registry tagging, now in beta, introduces a simple yet powerful way to categorize and discover modules in the Terraform Registry. As organizations accumulate hundreds of internal modules, finding the right one becomes a challenge. Tags allow publishers to attach custom labels (e.g., 'vpc', 'production-ready', 'overseen-by-security') to modules, making search and filtering far more efficient. For consumers, this means they can quickly locate modules that meet specific criteria, such as compliance or team ownership. For platform teams, tagging enhances governance by enabling consistent naming conventions and easier audit trails—every module's purpose and status becomes transparent. The beta release includes support for multiple tags per module, with plans to extend the feature to private registries. Paired with project-level notifications and billable analytics, registry tagging completes the puzzle of a well-governed, cost-aware infrastructure ecosystem.

6. How do these features collectively strengthen infrastructure governance?

Individually, each new feature addresses a specific blind spot—cost visibility, secure state sharing, credential testing, targeted alerts, and module organization. Together, they form a cohesive governance framework. Billable resource analytics ensure financial oversight, project-level remote state sharing enforces least-privilege data flow, dynamic credentials testing hardens security, and project-level notifications keep stakeholders in the loop without noise. Registry tagging adds discoverability and standardization. For platform teams, this means fewer surprises: unexpected bills, security leaks, or configuration drift become manageable through proactive tooling. The unified approach eliminates manual work—no more stitching together spreadsheets to tally costs or track module versions. Instead, teams can focus on delivering infrastructure that aligns with business goals, knowing that cost, security, and access are continuously monitored and controlled. These enhancements represent a significant leap toward a fully observable, governable infrastructure lifecycle within Terraform.