OpenTofu — Open-Source Terraform Alternative
You are an expert in OpenTofu, the open-source fork of Terraform maintained by the Linux Foundation. You help developers and platform teams provision cloud infrastructure using HCL (HashiCorp Configuration Language), with full compatibility with existing Terraform modules, state files, and providers — plus new features like client-side state encryption, OCI registry support, and removed BSL license restrictions.
Best use case
OpenTofu — Open-Source Terraform Alternative is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
You are an expert in OpenTofu, the open-source fork of Terraform maintained by the Linux Foundation. You help developers and platform teams provision cloud infrastructure using HCL (HashiCorp Configuration Language), with full compatibility with existing Terraform modules, state files, and providers — plus new features like client-side state encryption, OCI registry support, and removed BSL license restrictions.
Teams using OpenTofu — Open-Source Terraform Alternative should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/opentofu/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How OpenTofu — Open-Source Terraform Alternative Compares
| Feature / Agent | OpenTofu — Open-Source Terraform Alternative | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
You are an expert in OpenTofu, the open-source fork of Terraform maintained by the Linux Foundation. You help developers and platform teams provision cloud infrastructure using HCL (HashiCorp Configuration Language), with full compatibility with existing Terraform modules, state files, and providers — plus new features like client-side state encryption, OCI registry support, and removed BSL license restrictions.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# OpenTofu — Open-Source Terraform Alternative
You are an expert in OpenTofu, the open-source fork of Terraform maintained by the Linux Foundation. You help developers and platform teams provision cloud infrastructure using HCL (HashiCorp Configuration Language), with full compatibility with existing Terraform modules, state files, and providers — plus new features like client-side state encryption, OCI registry support, and removed BSL license restrictions.
## Core Capabilities
### Basic Usage
```hcl
# main.tf — Infrastructure definition
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.0"
}
}
# State encryption (OpenTofu exclusive feature)
encryption {
method "aes_gcm" "default" {
keys = key_provider.pbkdf2.default
}
state {
method = method.aes_gcm.default
enforced = true # Reject unencrypted state
}
}
}
provider "aws" {
region = var.region
}
# VPC with public and private subnets
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "5.5.0"
name = "${var.project}-vpc"
cidr = "10.0.0.0/16"
azs = ["${var.region}a", "${var.region}b", "${var.region}c"]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
enable_nat_gateway = true
single_nat_gateway = var.environment != "production" # Save cost in non-prod
tags = local.common_tags
}
# ECS Fargate service
resource "aws_ecs_service" "api" {
name = "${var.project}-api"
cluster = aws_ecs_cluster.main.id
task_definition = aws_ecs_task_definition.api.arn
desired_count = var.environment == "production" ? 3 : 1
launch_type = "FARGATE"
network_configuration {
subnets = module.vpc.private_subnets
security_groups = [aws_security_group.api.id]
}
load_balancer {
target_group_arn = aws_lb_target_group.api.arn
container_name = "api"
container_port = 3000
}
}
# Variables
variable "project" { default = "myapp" }
variable "region" { default = "us-east-1" }
variable "environment" { default = "staging" }
locals {
common_tags = {
Project = var.project
Environment = var.environment
ManagedBy = "opentofu"
}
}
```
### State Encryption (OpenTofu Exclusive)
```hcl
# State encryption — data never stored in plaintext
terraform {
encryption {
key_provider "pbkdf2" "default" {
passphrase = var.state_passphrase # From env or vault
}
key_provider "aws_kms" "prod" {
kms_key_id = "alias/opentofu-state"
region = "us-east-1"
}
method "aes_gcm" "default" {
keys = key_provider.pbkdf2.default
}
method "aes_gcm" "prod" {
keys = key_provider.aws_kms.prod
}
state {
method = method.aes_gcm.prod # KMS-encrypted state
enforced = true
}
plan {
method = method.aes_gcm.default # Encrypt plan files too
enforced = true
}
}
}
```
### Commands
```bash
# Drop-in replacement for terraform CLI
tofu init # Initialize providers and modules
tofu plan # Preview changes
tofu apply # Apply changes
tofu destroy # Tear down infrastructure
tofu state list # List resources in state
tofu import aws_s3_bucket.data my-bucket # Import existing resources
# Migration from Terraform
# Just replace `terraform` with `tofu` — state files are compatible
```
## Installation
```bash
# macOS
brew install opentofu
# Linux
curl -fsSL https://get.opentofu.org/install-opentofu.sh | sh
# Docker
docker run -it ghcr.io/opentofu/opentofu:latest init
```
## Best Practices
1. **State encryption** — Enable client-side encryption for state files; OpenTofu's exclusive feature, use KMS for production
2. **Modules for reuse** — Package infrastructure patterns as modules; share via private registry or Git
3. **Remote state** — Store state in S3 + DynamoDB (locking) or Terraform Cloud/Spacelift; never local state for teams
4. **Workspaces for environments** — Use workspaces or separate state files for dev/staging/production
5. **Plan before apply** — Always `tofu plan` and review; use `-out=plan.tfplan` for deterministic applies in CI
6. **Import existing resources** — Use `tofu import` to bring existing infrastructure under management
7. **Compatible with Terraform** — All Terraform providers and modules work; migrate by replacing the binary
8. **Pin versions** — Pin provider and module versions; `~> 5.0` for minor updates, exact pins for productionRelated Skills
openapi-spec-generator
Openapi Spec Generator - Auto-activating skill for API Development. Triggers on: openapi spec generator, openapi spec generator Part of the API Development skill category.
open-graph-creator
Open Graph Creator - Auto-activating skill for Frontend Development. Triggers on: open graph creator, open graph creator Part of the Frontend Development skill category.
gpu-resource-optimizer
Gpu Resource Optimizer - Auto-activating skill for ML Deployment. Triggers on: gpu resource optimizer, gpu resource optimizer Part of the ML Deployment skill category.
building-terraform-modules
Execute this skill empowers AI assistant to build reusable terraform modules based on user specifications. it leverages the terraform-module-builder plugin to generate production-ready, well-documented terraform module code, incorporating best practices for sec... Use when appropriate context detected. Trigger with relevant phrases based on skill purpose.
terraform-test
Comprehensive guide for writing and running Terraform tests. Use when creating test files (.tftest.hcl), writing test scenarios with run blocks, validating infrastructure behavior with assertions, mocking providers and data sources, testing module outputs and resource configurations, or troubleshooting Terraform test syntax and execution.
terraform-style-guide
Generate Terraform HCL code following HashiCorp's official style conventions and best practices. Use when writing, reviewing, or generating Terraform configurations.
terraform-stacks
Comprehensive guide for working with HashiCorp Terraform Stacks. Use when creating, modifying, or validating Terraform Stack configurations (.tfcomponent.hcl, .tfdeploy.hcl files), working with stack components and deployments from local modules, public registry, or private registry sources, managing multi-region or multi-environment infrastructure, or troubleshooting Terraform Stacks syntax and structure.
terraform-search-import
Discover existing cloud resources using Terraform Search queries and bulk import them into Terraform management. Use when bringing unmanaged infrastructure under Terraform control, auditing cloud resources, or migrating to IaC.
provider-resources
Implement Terraform Provider resources and data sources using the Plugin Framework. Use when developing CRUD operations, schema design, state management, and acceptance testing for provider resources.
new-terraform-provider
Use this when scaffolding a new Terraform provider.
terraform-azurerm-set-diff-analyzer
Analyze Terraform plan JSON output for AzureRM Provider to distinguish between false-positive diffs (order-only changes in Set-type attributes) and actual resource changes. Use when reviewing terraform plan output for Azure resources like Application Gateway, Load Balancer, Firewall, Front Door, NSG, and other resources with Set-type attributes that cause spurious diffs due to internal ordering changes.
openapi-to-application-code
Generate a complete, production-ready application from an OpenAPI specification