Configs2026年4月15日·1 分钟阅读

OpenTofu — Community-Driven Open-Source Terraform Alternative

The Linux Foundation fork of Terraform — MPL-2.0 licensed, drop-in compatible, with state encryption and provider-iteration built in.

AI Open Source
AI Open Source · Community

Introduction

When HashiCorp relicensed Terraform under the BUSL in 2023, the Linux Foundation created OpenTofu as a community-governed fork. It is a drop-in replacement for Terraform ≤ 1.5.x with an active independent roadmap and features HashiCorp has declined to ship — most notably native state encryption and for_each on providers.

What OpenTofu Does

  • Reads .tf HCL files and builds a declarative dependency graph
  • Plans, applies, and destroys infrastructure across 3,000+ providers
  • Manages remote state in S3, GCS, Azure, Consul, or HTTP backends
  • Encrypts state and plans end-to-end with pluggable key providers
  • Supports for_each on provider configurations (a long-requested feature)

Architecture Overview

OpenTofu is a single Go binary that shells out to provider plugins over gRPC. Each provider is a separate binary (terraform-provider-aws, terraform-provider-google, etc.) fetched from the OpenTofu Registry. The core handles state, graph walking, and diff computation; providers handle the actual API calls. The Registry at registry.opentofu.org mirrors the Terraform Registry with an independent storage layer and signing.

Self-Hosting & Configuration

  • ~/.tofurc or .terraformrc for CLI config (mirrors, provider overrides)
  • State backends configured in a backend "s3" { ... } block, same as Terraform
  • Run in CI with tofu init -upgrade && tofu plan -detailed-exitcode
  • Use tofu test (native since 1.6) for module unit tests
  • State encryption keys from env, KMS, or HSM via the key-provider interface

Key Features

  • Truly open-source under MPL-2.0, governed by the Linux Foundation
  • Full backwards compatibility with Terraform 1.5.x state and providers
  • Native, pluggable state encryption (no external wrapper needed)
  • for_each on provider blocks for multi-region / multi-account modules
  • Active contributor base including Harness, Gruntwork, Env0, Spacelift

Comparison with Similar Tools

  • Terraform (HashiCorp) — same core language; diverging feature set and license
  • Pulumi — uses general-purpose languages instead of HCL; richer testing story
  • Crossplane — Kubernetes-native IaC, declarative via CRDs, pairs with OpenTofu
  • CDK for Terraform (CDKTF) — write HCL in TypeScript/Python; works with tofu too
  • Ansible — procedural, state-less; better for config mgmt than provisioning

FAQ

Q: Is my Terraform state compatible? A: Yes. State files from Terraform 1.5 and earlier load unchanged in OpenTofu.

Q: Do I have to rewrite my providers? A: No. The gRPC plugin protocol is identical; all providers from the Terraform Registry work.

Q: How do I migrate? A: brew install opentofu, replace terraform with tofu in CI, tofu init -migrate-state.

Q: Who hosts the Registry? A: The Linux Foundation runs registry.opentofu.org. Providers are mirrored and signed by maintainers.

Sources

讨论

登录后参与讨论。
还没有评论,来写第一条吧。

相关资产

Citus — Distributed PostgreSQL for Sharding and HTAP

A Postgres extension that turns your database into a distributed cluster with sharding, columnar storage and parallel query — keeping full SQL, ACID, JSONB, PostGIS and the Postgres ecosystem intact.

AI Open Source

Trino — Fast Distributed SQL Query Engine for Data Lakes

The federated SQL engine formerly known as PrestoSQL. Query S3/HDFS/Iceberg/Delta/Hudi, MySQL, Postgres, Kafka, Cassandra and dozens more with ANSI SQL — in seconds, at petabyte scale.

AI Open Source

BadgerDB — Fast Embeddable Key-Value Store in Pure Go

A pure-Go LSM-tree database built for SSDs, the storage engine behind Dgraph. No CGO, ACID transactions, encryption at rest, tiny binary — ideal for Go services that need embedded persistence.

AI Open Source
首页🔍搜索👤我的