Installation
npx skills add oakoss/agent-skills --skill opentofu 38
Installs
OpenTofu
Overview
OpenTofu is an open-source infrastructure as code tool that uses HCL (HashiCorp Configuration Language) to declaratively manage cloud infrastructure. It is a community-driven fork of Terraform, fully compatible with existing Terraform providers and modules, with exclusive features like native state encryption. Pulumi provides an alternative IaC approach using general-purpose languages (TypeScript, Python, Go) instead of HCL.
When to use: Managing cloud infrastructure declaratively, provisioning multi-cloud resources, enforcing infrastructure consistency across environments, encrypting state at rest (OpenTofu), using familiar programming languages for IaC (Pulumi).
When NOT to use: One-off scripts better suited to CLI tools, application-level configuration management (use Ansible/Chef), container orchestration logic (use Kubernetes manifests), simple static hosting (use platform-native tools).
Quick Reference
| Pattern | Tool / Command | Key Points |
|---|---|---|
| Initialize project | tofu init |
Downloads providers, initializes backend |
| Preview changes | tofu plan |
Shows diff without applying |
| Apply changes | tofu apply |
Provisions/updates resources |
| Destroy resources | tofu destroy |
Tears down managed infrastructure |
| Import resource | tofu import <addr> <id> |
Brings existing resource under management |
| State encryption | terraform.encryption block |
OpenTofu-exclusive, AES-GCM with key providers |
| Remote backend | backend "s3" / backend "gcs" |
Store state in cloud storage with locking |
| Workspaces | tofu workspace new <name> |
Isolated state per environment |
| Module usage | module "name" { source = "..." } |
Reusable infrastructure components |
| Output values | output "name" { value = ... } |
Expose values for other configs or CI |
| Variable files | terraform.tfvars / -var-file |
Environment-specific variable overrides |
| Pulumi new project | pulumi new typescript |
Scaffold TypeScript IaC project |
| Pulumi preview | pulumi preview |
Shows planned changes |
| Pulumi deploy | pulumi up |
Provisions/updates resources |
| Pulumi config | pulumi config set key value |
Stack-scoped configuration |
| Pulumi secrets | pulumi config set --secret key val |
Encrypted config values |
| Pulumi stacks | pulumi stack select <name> |
Switch between environments |
| Automation API | LocalWorkspace.createOrSelectStack() |
Programmatic stack management |
Common Mistakes
| Mistake | Correct Pattern |
|---|---|
| Storing state locally in team environments | Configure remote backend (S3, GCS, Azure Blob) with state locking |
| Hardcoding provider credentials in HCL | Use environment variables or provider-specific auth chains |
Using tofu apply without reviewing plan |
Run tofu plan -out=plan.tfplan then tofu apply plan.tfplan |
| Editing state manually | Use tofu state mv, tofu state rm, or tofu import |
Ignoring .terraform.lock.hcl |
Commit lock file for reproducible provider versions |
Using count for complex conditional resources |
Prefer for_each with maps for stable resource addressing |
| Sharing one workspace for all environments | Use separate workspaces or backend config per environment |
Putting secrets in terraform.tfvars |
Use sensitive = true variables, vault, or environment variables |
| Pulumi: creating resources outside component classes | Wrap related resources in ComponentResource for reuse |
| Pulumi: not awaiting async operations | Ensure all resource operations complete before stack export |
Skipping tofu plan in CI/CD |
Always plan and require approval before apply in pipelines |
Not using -target carefully |
Prefer full plans; -target can leave state inconsistent |
Delegation
- Infrastructure pattern discovery: Use
Exploreagent - IaC code review: Use
Taskagent - Drift detection analysis: Use
Taskagent
If the
amazon-web-servicesskill is available, delegate AWS resource patterns to it.
If thedockerskill is available, delegate container infrastructure patterns to it.
If thegithub-actionsskill is available, delegate CI/CD pipeline patterns to it.
References
- HCL syntax, resources, data sources, and providers
- Modules, composition, and reusable infrastructure
- State management, remote backends, and locking
- State encryption with OpenTofu-exclusive key providers
- Variables, outputs, and environment configuration
- Workspaces and multi-environment setups
- Import existing infrastructure and migration patterns
- Pulumi TypeScript and Python SDK patterns
- Pulumi stacks, config, secrets, and automation API
- CI/CD integration and drift detection
Installs
Security Audit
View Source
oakoss/agent-skills
More from this source
EU-Hosted Inference API Power your AI Agents with
the best open-source models.
Drop-in OpenAI-compatible API. No data leaves Europe.
Explore Inference APIGLM
GLM 5
$1.00 / $3.20
per M tokens
Kimi
Kimi K2.5
$0.60 / $2.80
per M tokens
MiniMax
MiniMax M2.5
$0.30 / $1.20
per M tokens
Qwen
Qwen3.5 122B
$0.40 / $3.00
per M tokens
How to use this skill
Install opentofu by running npx skills add oakoss/agent-skills --skill opentofu in your project directory. Run the install command above in your project directory. The skill file will be downloaded from GitHub and placed in your project.
No configuration needed. Your AI agent (Claude Code, Cursor, Windsurf, etc.) automatically detects installed skills and uses them as context when generating code.
The skill enhances your agent's understanding of opentofu, helping it follow established patterns, avoid common mistakes, and produce production-ready output.
What you get
Skills are plain-text instruction files — not executable code. They encode expert knowledge about frameworks, languages, or tools that your AI agent reads to improve its output. This means zero runtime overhead, no dependency conflicts, and full transparency: you can read and review every instruction before installing.
Compatibility
This skill works with any AI coding agent that supports the skills.sh format, including Claude Code (Anthropic), Cursor, Windsurf, Cline, Aider, and other tools that read project-level context files. Skills are framework-agnostic at the transport level — the content inside determines which language or framework it applies to.
Made in Europe Chat with 100+ AI Models in one App.
Use Claude, ChatGPT, Gemini alongside with EU-Hosted Models like Deepseek, GLM-5, Kimi K2.5 and many more.
