OpenTofu is an open-source Infrastructure as Code (IaC) tool that is a fork of Terraform, maintained by the Linux Foundation. It was created in response to HashiCorpβs license change from MPL to the Business Source License (BSL) in August 2023.
OpenTofu is:
| Feature | OpenTofu | Terraform |
|---|---|---|
| License | MPL 2.0 (open source) | BSL 1.1 (source available) |
| Governance | Linux Foundation | HashiCorp / IBM |
| State encryption | β Built-in | β Not available |
| Provider compatibility | β Same as Terraform | β Native |
| Module registry | registry.opentofu.org | registry.terraform.io |
| Community | Open contributors | HashiCorp-controlled |
# macOS
brew install opentofu
# Linux (official installer)
curl --proto '=https' --tlsv1.2 -fsSL https://get.opentofu.org/install-opentofu.sh | sh
# Verify installation
tofu version
# OpenTofu is CLI-compatible with Terraform
# Simply replace 'terraform' with 'tofu' in your commands
terraform init β tofu init
terraform plan β tofu plan
terraform apply β tofu apply
terraform destroy β tofu destroy
# Initialize working directory (downloads providers)
tofu init
# Preview infrastructure changes
tofu plan
# Apply the changes
tofu apply
# Show current state
tofu show
# Destroy all managed infrastructure
tofu destroy
# main.tf
terraform {
required_providers {
local = {
source = "hashicorp/local"
version = "~> 2.4"
}
}
}
resource "local_file" "hello" {
content = "Hello from OpenTofu!"
filename = "${path.module}/hello.txt"
}
output "file_content" {
value = local_file.hello.content
}
# Encrypt state with a passphrase (OpenTofu only)
terraform {
encryption {
key_provider "pbkdf2" "my_passphrase" {
passphrase = var.state_passphrase
}
method "aes_gcm" "my_method" {
keys = key_provider.pbkdf2.my_passphrase
}
state {
method = method.aes_gcm.my_method
}
}
}
# tests/basic.tftest.hcl
run "verify_file_created" {
command = apply
assert {
condition = local_file.hello.content == "Hello from OpenTofu!"
error_message = "File content does not match expected value"
}
}
tofu init # Initialize directory
tofu validate # Validate configuration
tofu plan # Show execution plan
tofu apply # Apply changes
tofu apply -auto-approve # Apply without confirmation
tofu destroy # Destroy infrastructure
tofu state list # List resources in state
tofu state show <resource> # Show resource details
tofu output # Show output values
tofu fmt # Format configuration files