OpenTofu Project Adds OCI Registry to Share and Reuse Components
The OpenTofu project has released an update that adds support for a registry based on the Open Container Initiative specifications to make it simpler to share and reuse modules.
Additionally, OpenTofu 1.10.0 adds support for S3-compatible cloud storage services to manage state, a global provider cache lock, more flexible instances of state encryption, -target-file and -exclude-file options to improve resource management, and additional infrastructure refactoring capabilities.
Finally, the release adds support for experimental instances of OpenTelemetry traces to improve troubleshooting, and the ability to mark variables and outputs as deprecated.
Christian Mesh, core engineer and technology lead for OpenTofu, said the OCI registry is crucial because it makes it simpler for software engineering teams to collaborate using a standard container format. The Docker image format that was previously made available is no longer being supported.
Other major initiatives the OpenTofu community continues to work on are an OpenTofu Registry Model Context Protocol (MCP) server to provide access to artificial intelligence (AI) agents and integration with the VS Code integrated development environment (IDE).
Collectively, these capabilities show that OpenTofu as an infrastructure-as-code alternative to Terraform continues to mature, noted Mesh. In fact, OpenTofu is now close to having been downloaded 10 million times from GitHub, with other repositories pushing total downloads closer to more than 20 million.
OpenTofu was created as a fork of Terraform prior to IBM’s acquisition of HashiCorp, the original developer of Terraform, and it’s not clear if these two open-source projects might one day be reconciled.
In the meantime, it’s not clear how many software engineering teams might have abandoned Terraform for OpenTofu or some other IaC tool. The core controversy itself traces back to a dispute over how third-party vendors were leveraging Terraform to drive revenues in a way that didn’t compensate HashiCorp. Shortly thereafter, the OpenTofu project was formally launched by The Linux Foundation with backing from Harness, Gruntwork, Spacelift, env0, Scalr, Digger, Terrateam, Massdriver and Terramate.
The OpenTofu project, since then, has continued to track changes made to Terraform, and an invitation to HashiCorp, or its parent company, to join the OpenTofu project remains open, said Mesh. At the moment, however, no ongoing conversations are occurring between camps, he added.
In general, IaC tools have been a boon to productivity for IT organizations. IaC tools are widely used today by application developers to provision cloud infrastructure. However, many of the cloud security issues organizations encounter can also be traced back to misconfigurations made by application developers that created vulnerabilities cybercriminals were able to exploit.
Longer term, there may come a day when AI agents make the underlying tool used to configure IT infrastructure less relevant. Via a conversational interface, the ability to programmatically provision and manage IT infrastructure should become much more accessible, which, in addition to increasing productivity, will hopefully lead to fewer mistakes being made. The challenge, as always, will be making sure that DevSecOps best practices are followed regardless of how IT infrastructure is provisioned.