Skip to main content

OpenTofu v1.11.0

Today we've released OpenTofu v1.11.0, collecting together several months of work from the OpenTofu community, including some significant new features.

Ephemeral resources and write-only attributes​

Ephemeral values allow OpenTofu to work with data and resources that exist only in memory during a single OpenTofu phase, guaranteeing that those values will not be persisted in state snapshots or plan files:

  • Use ephemeral resources to request temporary access to stored credentials or network tunnels for use in provider or provisioner configurations, without the resulting values being saved in OpenTofu plan files or state snapshots.

    For example, you could use an ephemeral resource to request time-limited AWS credentials from OpenBao and provide them to the hashicorp/aws provider, or to open a temporary SSH tunnel so that the cyrilgdn/postgresql provider can access a Postgres server on a remote network.

  • Use write-only attributes to set resource arguments that OpenTofu needs access to only when they are changing, such as the initial administrator password for a database.

    For example, you could use an ephemeral resource to generate an SSH keypair and then save the private key in your secret store using a write-only attribute so that OpenTofu itself will not need to retain its own copy of the key material.

For more information on these and other related OpenTofu language features, refer to Ephemerality.

enabled for resources and modules​

OpenTofu has traditionally allowed a module to dynamically enable or disable a particular module by using the count meta-argument to choose between either zero or one instances of the object.

OpenTofu v1.11.0 introduces the enabled meta-argument, which we hope will make it easier for readers to understand that only zero or one instances of a resource are possible:

Code Block
variable "subnet" {
  type = object({
    id = string
  })
  default = null
}

variable "enable_cluster" {
  type    = bool
  default = false
}

resource "aws_subnet" "example" {
  # ...

  lifecycle {
    enabled = var.subnet == null
  }
}

resource "aws_instance" "example" {
  # ...
  subnet_id = var.subnet != null ? var.subnet.id : aws_subnet.example.id
  # ...
}

module "servers" {
  source = "./app-cluster"
  servers = 5
  lifecycle {
    enabled = var.enable_cluster
  }
}

For more information, refer to The enabled meta-argument.

Various other improvements​

There are numerous other improvements in OpenTofu v1.11. For more information, refer to What's new in version v1.11, or to the OpenTofu v1.11.0 release notes.

Download and Install​

You can download OpenTofu v1.11.0 directly from our GitHub releases page, install it using your preferred package manager, or use our official Docker images.

View our installation guides