OpenTofu 1.7.0 has been released with new features, including end-to-end state encryption, dynamic provider-defined functions, a "removed" block, and loopable import blocks.
OpenTofu is an open-source infrastructure-as-code tool for declarative cloud infrastructure creation using various APIs. It was forked last year from HashiCorp's Terraform after the latter's license change.
The new version introduces several significant features and improvements:
- End-to-end state encryption: state files are now protected regardless of the storage backend used. Users can provide encryption passphrases via environment variables or use key management systems like AWS KMS, GCP KMS, or OpenBao.
- Dynamic provider-defined functions: providers can now offer native functions for use in OpenTofu code. An OpenTofu-specific feature allows providers to dynamically define custom functions based on configuration, enabling integration with other programming languages.
- Removed block: this feature allows users to mark OpenTofu-created resources for removal from the state file while preserving the created infrastructure.
- Loopable import blocks: this enables declarative bulk importing of resources in OpenTofu code, facilitating large-scale migrations.
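As an added illustration of the state encryption item above (not taken from the announcement or the OpenTofu project), this is roughly what a KMS-backed setup looks like in OpenTofu 1.7 configuration. The block labels `state_key`, `kms_gcm` and `migrate`, the region, and the key ID are placeholders chosen for this example.

```hcl
# Added example: encrypt state and plan files with a key from AWS KMS.
# All labels and values below are placeholders, not project defaults.
terraform {
  encryption {
    # Key provider: obtains the encryption key from a KMS-managed key,
    # so no passphrase has to live in the configuration.
    key_provider "aws_kms" "state_key" {
      kms_key_id = "REPLACE-WITH-KMS-KEY-ID" # placeholder
      region     = "us-east-1"               # assumed region
      key_spec   = "AES_256"
    }

    # Method: AES-GCM using the key supplied by the provider above.
    method "aes_gcm" "kms_gcm" {
      keys = key_provider.aws_kms.state_key
    }

    # Needed only while migrating an existing plaintext state:
    # lets OpenTofu read the old unencrypted file once.
    method "unencrypted" "migrate" {}

    state {
      method = method.aes_gcm.kms_gcm

      # Remove this fallback after the first apply has rewritten
      # the state in encrypted form.
      fallback {
        method = method.unencrypted.migrate
      }
    }

    # Plan files contain the same sensitive values as state,
    # so they get the same method.
    plan {
      method = method.aes_gcm.kms_gcm
    }
  }
}
```

Because encryption happens before the file is handed to the backend, the same block applies whether state is stored locally or in remote object storage.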
OpenTofu 1.7.0 maintains compatibility with Terraform 1.5 and offers migration paths from later versions. The announcement also highlights the significant growth of the OpenTofu community since its initial release four months prior. While exact user numbers are not tracked, registry usage has more than doubled in the last month, reaching over a million daily requests. The project has attracted 65 unique contributors for this release and has garnered 20,000 stars on GitHub.
The end-to-end state encryption has been well-received. Writing on Reddit, user sPENKMAn is one of many who look forward to simplifying their scripts:
Now I can ditch my "encrypt file and upload the file to object storage" wrapper script as soon as we switch to opentofu!
- sPENKMAn
On DevOps.com, Steven J. Vaughan-Nichols explains that OpenTofu lacks a policy-as-code enforcement framework and suggests that engineers could now pair Open Policy Agent (OPA) with OpenTofu to mirror what HashiCorp Sentinel provides for Terraform.
The project encourages community voting and participation as it looks towards OpenTofu 1.8, and to this end, a list of the most upvoted issues has been created. One feature under consideration for the next version is the ability to use variables as module sources and in backend configuration, addressing a frequently requested capability.
Other Reddit comments refer to long-desired functionality not yet being included, though the original poster adds that this should be added soon:
I will set fireworks off when they add dynamic/loopable providers.
I LOVE the dynamic imports piece and I am so looking forward to dynamic providers/aliases. Giving me even more of a reason to switch over to tofu.
- Mymonument
The announcement concludes by inviting users to open issues or reach out via Slack to suggest features for future releases.