diff --git a/tfexec/cmd.go b/tfexec/cmd.go
index 7473b66c..d9422404 100644
--- a/tfexec/cmd.go
+++ b/tfexec/cmd.go
@@ -15,14 +15,16 @@ import (
 )
 
 const (
-	checkpointDisableEnvVar = "CHECKPOINT_DISABLE"
-	logEnvVar               = "TF_LOG"
-	inputEnvVar             = "TF_INPUT"
-	automationEnvVar        = "TF_IN_AUTOMATION"
-	logPathEnvVar           = "TF_LOG_PATH"
-	reattachEnvVar          = "TF_REATTACH_PROVIDERS"
-	appendUserAgentEnvVar   = "TF_APPEND_USER_AGENT"
-	workspaceEnvVar         = "TF_WORKSPACE"
+	checkpointDisableEnvVar  = "CHECKPOINT_DISABLE"
+	logEnvVar                = "TF_LOG"
+	inputEnvVar              = "TF_INPUT"
+	automationEnvVar         = "TF_IN_AUTOMATION"
+	logPathEnvVar            = "TF_LOG_PATH"
+	reattachEnvVar           = "TF_REATTACH_PROVIDERS"
+	appendUserAgentEnvVar    = "TF_APPEND_USER_AGENT"
+	workspaceEnvVar          = "TF_WORKSPACE"
+	disablePluginTlsEnvVar   = "TF_DISABLE_PLUGIN_TLS"
+	skipProviderVerifyEnvVar = "TF_SKIP_PROVIDER_VERIFY"
 
 	varEnvVarPrefix = "TF_VAR_"
 )
@@ -35,6 +37,8 @@ var prohibitedEnvVars = []string{
 	reattachEnvVar,
 	appendUserAgentEnvVar,
 	workspaceEnvVar,
+	disablePluginTlsEnvVar,
+	skipProviderVerifyEnvVar,
 }
 
 func envMap(environ []string) map[string]string {
diff --git a/tfexec/terraform.go b/tfexec/terraform.go
index a9f3d2df..ffce85aa 100644
--- a/tfexec/terraform.go
+++ b/tfexec/terraform.go
@@ -32,11 +32,15 @@ type printfer interface {
 //  - TF_LOG
 //  - TF_LOG_PATH
 //  - TF_REATTACH_PROVIDERS
+//  - TF_DISABLE_PLUGIN_TLS
+//  - TF_SKIP_PROVIDER_VERIFY
 type Terraform struct {
-	execPath        string
-	workingDir      string
-	appendUserAgent string
-	env             map[string]string
+	execPath           string
+	workingDir         string
+	appendUserAgent    string
+	disablePluginTls   bool
+	skipProviderVerify bool
+	env                map[string]string
 
 	stdout  io.Writer
 	stderr  io.Writer
@@ -129,6 +133,18 @@ func (tf *Terraform) SetAppendUserAgent(ua string) {
 	tf.appendUserAgent = ua
 }
 
+// SetDisablePluginTls sets the TF_DISABLE_PLUGIN_TLS environment variable for
+// Terraform CLI execution.
+func (tf *Terraform) SetDisablePluginTls(disabled bool) {
+	tf.disablePluginTls = disabled
+}
+
+// SetSkipProviderVerify sets the TF_SKIP_PROVIDER_VERIFY environment variable
+// for Terraform CLI execution.
+func (tf *Terraform) SetSkipProviderVerify(skip bool) {
+	tf.skipProviderVerify = skip
+}
+
 // WorkingDir returns the working directory for Terraform.
 func (tf *Terraform) WorkingDir() string {
 	return tf.workingDir