The open source OpenTofu infrastructure-as-code (IAC) project achieved a major milestone with a new generally available release.

OpenTofu got its start in 2023 as a fork of the Hashicorp Terraform IAC technology. Originally known as OpenTF, OpenTofu's contributors took issue with a license change made by Hashicorp in August 2023 for Terraform. Instead of sticking with an Open Source Initiative (OSI) approved open source license, Hashicorp changed the license for Terraform to a non-OSI license. OpenTofu became part of the Linux Foundation in September 2023, with the idea that it would be a drop-in replacement for Terraform. The first public release dropped in January with version 1.6 and now the project is accelerating further with the public release of OpenTofu 1.7.

Not only is OpenTofu 1.7 an open source IAC technology that can potentially replace Hashicorp's Terraform, it also goes a step further introducing a series of new features as well.

“Provider functions have been enhanced from the Terraform implementation, and state encryption is entirely new,” Sebastian Stadl, co-founder and CEO of Scalr and one of the leaders of the OpenTofu project told SDxCentral.

Long-requested state encryption is finally here

The marquee feature in the 1.7 release is state encryption, which allows users to encrypt their Terraform state files at rest using industry-standard AES-GCM encryption. This protects sensitive infrastructure details stored in state files from being accessed by unauthorized parties.

OpenTofu's state encryption implementation includes secure local passphrase storage as well as integration with various cloud key management services like AWS KMS, GCP KMS, and OpenBao. An extensible API is also included to enable future integrations with other key management systems.

Another powerful new feature is provider-defined functions, which allows providers to define custom functions that can be used within Tofu code. This includes the ability to author dynamic custom functions in the Go or Lua programming languages within the same directory as the Tofu configuration files.

OpenTofu aims to be a drop-in replacement for Terraform

The 1.7 release also adds “loopable imports” which enables using the for_each meta-argument within import blocks. This makes it much easier to import large amounts of existing infrastructure into Tofu configurations.

Additionally, new “removed” blocks allow infrastructure to be explicitly exported from Tofu configurations, providing a way to represent the full lifecycle state of resources.

Hashicorp legal drama continues, but for how long?

The new OpenTofu 1.7 update comes as the open source project continues its legal dispute against Hashicorp.

On April 11, lawyers from the Linux Foundation and Hashicorp traded legal threats over alleged license infringements. The current status of the legal dispute has not been publicly disclosed.

“We can’t comment on legal matters,” Stadl said.

While the lawyers talk behind closed doors, Hashicorp itself is in play as IBM has announced it intent to acquire the company in a $6.4 billion deal announced last week. At the time of the acquisition, IBM declined to comment on whether it would change Terraform back to an open source license after the deal closes. That said, IBM is a founding member of the Linux Foundation and a stalwart contributor and supporter of open source and as such the open source future of Terraform is still very much an open question.