What's new in OpenTofu 1.10?
This page will run you through the most important changes in OpenTofu 1.10:
New features
New built-in functions
New builtin provider functions added (#2306) :
provider::terraform::decode_tfvars- Decode a TFVars file content into an object.provider::terraform::encode_tfvars- Encode an object into a string with the same format as a TFVars file.provider::terraform::encode_expr- Encode an arbitrary expression into a string with valid OpenTofu syntax.
Improvements to existing features
External programs as encryption key providers (experimental)
State encryption now supports using external programs as key providers. Additionally, the PBKDF2 key provider now supports chaining via the chain parameter. For details, see the related documentation
This functionality is experimental and may be changed in future OpenTofu versions.
Smaller improvements
- OpenTofu will now recommend using
-excludeinstead of-target, when possible, in the error messages about unknown values incountandfor_eacharguments, thereby providing a more definitive workaround. (#2154)
Deprecations
Using ghcr.io/opentofu/opentofu as a base image
Using the ghcr.io/opentofu/opentofu image as a base image for custom images is deprecated and doesn't work as of OpenTofu 1.10. The reason behind this change is security: while we regularly update OpenTofu itself when security-relevant updates arise, providing a base image would require an update roughly once a week, which we are currently not equipped to do.
However, we have added instructions on building your own base image in the containerized installation instructions.
Bugfixes
- Fixed an issue where an invalid provider name in the
provider_metablock would crash OpenTofu rather than report an error (#2347)