The infrastructure-as-code (IaC) world has been buzzing lately, and with good reason: OpenTofu 1.10 is here, and it brings some of the most anticipated features the community has been asking for since the project’s inception. At Spacelift, we’re proud to support OpenTofu’s growth and momentum.
The project now has a thriving ecosystem of over 3,900 providers and over 23,600 modules, making it easy to build and manage infrastructure across every cloud platform with confidence. We see this 1.10 release as yet another milestone proving that community-led innovation is thriving.
From powerful technical additions to a major step forward in open governance, OpenTofu 1.10 showcases exactly why it’s fast becoming the standard for modern, open IaC.
On April 23, 2025, OpenTofu officially joined the Cloud Native Computing Foundation (CNCF) as a Sandbox project. This isn’t just symbolic; it reflects the project’s strong foundation in open governance and commitment to being community-owned and vendor-neutral.
This is a huge reassurance for teams looking for stability and independence in their infrastructure tooling. With CNCF’s backing, OpenTofu aligns more closely than ever with the broader cloud-native ecosystem.
The 1.10 release continues OpenTofu’s history of delivering on long-standing community requests while pushing the envelope with truly novel capabilities. This time around, we’ve got a host of new, helpful, and exciting features. Some of our favorites include:
OCI (Open Container Initiative) registry support
This top-voted feature unlocks the ability to distribute providers and modules using OCI-compliant registries. Why does this matter? Now you can:
- Leverage your existing OCI infrastructure (like Harbor or Amazon ECR)
- Store and distribute modules and providers privately
- Sign, verify, and version artifacts
- Enable team collaboration with familiar container workflows
To learn more about the OCI Registry, check out this full feature guide for testing OCI Registry Provider Mirrors here.
Native locking for the S3 backend
Locking is crucial for preventing state corruption. OpenTofu 1.10 introduces native support for locking in the S3 backend — no external services or plugins required. Just set use_lockfile = true in your backend config and you’re done. This means that you no longer need to leverage DynamoDB for implementing state locking in AWS.
Deprecation of module variables and outputs
Module-level variables and outputs can be deprecated to simplify module boundaries and reduce confusion. This aligns OpenTofu’s design philosophy more closely with composability and predictability. Module authors can now inform their end users of what values they can and can’t use. This gives DevOps teams better control to ship reusable and versionable modules.
Global provider cache locking
When using a shared environment or CI/CD pipelines, cache collisions can cause instability. Global cache locking ensures reliable, conflict-free provider usage across your workflows.
Multi-project PostgreSQL state management
You can now manage state across multiple projects in a single PostgreSQL instance. This opens up cleaner, centralized management of IaC at scale, which is great for platform teams.
Advanced resource migration
The moved block now supports migration between different types of resources, offering more flexibility for safely evolving your infrastructure over time.
Smarter removed block behavior
You can now apply lifecycle and provisioner configurations within the removed block. This gives you more control over gracefully decommissioning resources.
There’s more, but we could be here all day, so if you want to learn more about everything that’s been released in 1.10, check it out here.
In addition to all of the new features in 1.10, the OpenTofu team has been busy working on ecosystem enablement:
MCP Server
The OpenTofu MCP Server is now live. It allows large language model assistants to interact with the OpenTofu registry to find out information about providers, models, resources, and data sources. Think of it as a large language model-ready interface. LLMs (or your own automation) can query provider/module metadata and understand your infrastructure better. To take advantage of it, you can either use the hosted service at mcp.opentofu.org or you can install it locally. Either way, you can find more details about how to use the MCP server and its capabilities in the above GitHub repository.
Governance Framework Revamp
OpenTofu has updated its foundational governance documents, defining a formal governance framework detailing the roles, responsibilities, and decision-making processes of the Technical Steering Committee (TSC) and other contributors. This framework emphasizes the importance of the community for OpenTofu, showing contributors how they can engage with the project, and this new governance and contributor engagement model ensures everyone has a voice in OpenTofu’s direction. You can learn more about it here.
OpenTofu extension for VS Code
The OpenTofu extension for VS Code offers editing features for your OpenTofu files, such as syntax validation and highlighting, code navigation and formatting, IntelliSense, and others. Read more about it here.
One of the hallmarks of OpenTofu’s success has been its commitment to listening to its community. OpenTofu has made a habit of turning community pain points into powerful, product-ready features.
State Encryption: Delivered After Years of Waiting
Take state encryption. This was one of the most upvoted features in the Terraform ecosystem — requested for over three years — yet never implemented. OpenTofu 1.7 changed that with built-in state encryption. Whether you’re using AWS KMS, GCP KMS, PBKDF2, OpenBao, or others, OpenTofu protects your state at rest, with zero workarounds required.
Early Variable Evaluation
With OpenTofu 1.8 came early variable/local evaluation, a subtle, but powerful improvement. Previously, working with dynamic module versions meant hacking around limitations just to map to the module source and tag. Now, you can easily use variables or locals when using module sources and versions. You can also use them in the terraform block, letting you easily configure your backend with expressions.
A Feature-Filled Anniversary
To celebrate the first anniversary of OpenTofu at the beginning of 2025, the team shipped two other killer features:
- For_each in provider configuration blocks: Have multi-region/multi-environment workflows? This update allows you to easily create multiple providers out of the box, in a single block.
- The -exclude planning option: Think of it as -target but in reverse, making it perfect for partial applies.
A Meteoric Adoption Curve
The OpenTofu project is just days away from hitting 10 million GitHub downloads, a figure that speaks volumes about the trust enterprises and community members alike place in OpenTofu. As of today, it’s sitting at about 9.9 million downloads, gaining roughly 50,000 new pulls every day! At this pace, the 10 million mark is all but guaranteed by the end of the week. And remember, that’s purely GitHub, if you add Homebew, Package Cloud, and other mirrors into the mix, the true numbers are even larger.
Beyond Stars: Community Engagement
OpenTofu has well and truly outgrown the “early adopter” stage, crossing 25,000 stars on GitHub, with the community adding around ten new stars every single day for the last month. That steady accumulation shows real community enthusiasm for the project!
Blazing Fast Patch Uptake
Equally telling is how quickly teams are upgrading once patches drop. The recent 1.9.1 patch eclipsed v1.9.0 installs in just seven days, setting a new bar for patch adoption. Today, over 63 percent of all OpenTofu users are on v1.9.x, proof that users are confident in the updates.
Production-Grade
When 98.3 percent of downloads target Linux environments, it’s clear that OpenTofu isn’t just for experimentation; it’s running production workloads. With a steady baseline of 350,000+ downloads per week. OpenTofu is operating at true enterprise scale, powering critical infrastructure across clouds.
Timing is Everything
It couldn’t be more fitting that the 1.10 release lands just as OpenTofu crosses the 10 million download mark. More than just a milestone, this marks the evolution of OpenTofu into a stable, trusted foundation for IaC delivery at scale.
Looking Ahead
With this momentum, we’re looking forward to OpenTofu passing 20 million GitHub downloads before the end of 2025!
As one of the founding members of OpenTofu, we are committed to OpenTofu’s success, and our support goes beyond our engineering contribution to the project and the integrations we’ve built into our platform. We are supporting a growing community that prioritizes collaboration, long-term stability, and ensures that engineers are empowered by tools that are powerful and flexible, and free from vendor lock-in.
With Spacelift, teams get a comprehensive platform that understands their OpenTofu workflows and takes them to the next level by embedding policies, implementing self-service, giving them the ability to build dependencies and share outputs, integrating natively with their cloud providers, and combining them with Ansible/Kubernetes in a native way.
Whether you’re an enterprise looking for a familiar experience with a future-proof philosophy or you’re just getting started with IaC, OpenTofu is a welcoming and open choice that won’t lock you in.
OpenTofu 1.10 isn’t just a version bump, it’s proof that open-source IaC has a vibrant future.
