6c46636af4
Unfortunately the Go team has unilaterally decided that all programs built with Go 1.24 and later always allow enabling FIPS-140-3 mode -- both in its "on" and "only" configurations -- regardless of whether the authors of that software intend to support running in that restricted mode, or whether they are even testing their application in that configuration. We have not yet made a final decision on how and whether we intend to support this mode in our official builds, but we _do_ know that OpenTofu cannot currently function correctly with this mode enabled because it relies on standard library features and external libraries that are not available in that case. Therefore in the meantime we'll mention explicitly in both the internal logs and in the "tofu version" output if we appear to be running in that mode, meaning that if someone tries to use it and finds that it doesn't work properly then if they open a GitHub issue and share those two artifacts (as requested by our bug report template) then we can know that we might need to turn on the special mode in order to reproduce the reported problem, rather than wasting time trying to reproduce it in the standard mode. We do still need to make a final decision about what we want to do with this in the long run, but this is intended as an short-term compromise that allows folks to experiment with this unsupported mode if they wish while hopefully making it clearer that in the mean time we may deprioritize fixing problems that only occur when this unusual mode is enabled. Signed-off-by: Martin Atkins <mart@degeneration.co.uk>
OpenTofu
OpenTofu is an OSS tool for building, changing, and versioning infrastructure safely and efficiently. OpenTofu can manage existing and popular service providers as well as custom in-house solutions.
The key features of OpenTofu are:
-
Infrastructure as Code: Infrastructure is described using a high-level configuration syntax. This allows a blueprint of your datacenter to be versioned and treated as you would any other code. Additionally, infrastructure can be shared and re-used.
-
Execution Plans: OpenTofu has a "planning" step where it generates an execution plan. The execution plan shows what OpenTofu will do when you call apply. This lets you avoid any surprises when OpenTofu manipulates infrastructure.
-
Resource Graph: OpenTofu builds a graph of all your resources, and parallelizes the creation and modification of any non-dependent resources. Because of this, OpenTofu builds infrastructure as efficiently as possible, and operators get insight into dependencies in their infrastructure.
-
Change Automation: Complex changesets can be applied to your infrastructure with minimal human interaction. With the previously mentioned execution plan and resource graph, you know exactly what OpenTofu will change and in what order, avoiding many possible human errors.
Getting help and contributing
- Have a question?
- Post it in GitHub Discussions
- Open a GitHub issue
- Join the OpenTofu Slack!
- Want to contribute?
- Please read the Contribution Guide.
- Recurring Events
- Community Meetings on Wednesdays at 12:30 UTC at this link: https://meet.google.com/xfm-cgms-has (📅 calendar link)
- Technical Steering Committee Meetings every other Tuesday at 4pm UTC at this link: https://meet.google.com/cry-houa-qbk (📅 calendar link)
Tip
For more OpenTofu events, subscribe to the OpenTofu Events Calendar!
Reporting security vulnerabilities
If you've found a vulnerability or a potential vulnerability in OpenTofu please follow Security Policy. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
Reporting possible copyright issues
If you believe you have found any possible copyright or intellectual property issues, please contact liaison@opentofu.org. We'll send a confirmation email to acknowledge your report.
Registry Access
In an effort to comply with applicable sanctions, we block access from specific countries of origin.