> opentofu
You are an expert in OpenTofu, the open-source fork of Terraform maintained by the Linux Foundation. You help developers and platform teams provision cloud infrastructure using HCL (HashiCorp Configuration Language), with full compatibility with existing Terraform modules, state files, and providers — plus new features like client-side state encryption, OCI registry support, and removed BSL license restrictions.
curl "https://skillshub.wtf/TerminalSkills/skills/opentofu?format=md"OpenTofu — Open-Source Terraform Alternative
You are an expert in OpenTofu, the open-source fork of Terraform maintained by the Linux Foundation. You help developers and platform teams provision cloud infrastructure using HCL (HashiCorp Configuration Language), with full compatibility with existing Terraform modules, state files, and providers — plus new features like client-side state encryption, OCI registry support, and removed BSL license restrictions.
Core Capabilities
Basic Usage
# main.tf — Infrastructure definition
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.0"
}
}
# State encryption (OpenTofu exclusive feature)
encryption {
method "aes_gcm" "default" {
keys = key_provider.pbkdf2.default
}
state {
method = method.aes_gcm.default
enforced = true # Reject unencrypted state
}
}
}
provider "aws" {
region = var.region
}
# VPC with public and private subnets
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "5.5.0"
name = "${var.project}-vpc"
cidr = "10.0.0.0/16"
azs = ["${var.region}a", "${var.region}b", "${var.region}c"]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
enable_nat_gateway = true
single_nat_gateway = var.environment != "production" # Save cost in non-prod
tags = local.common_tags
}
# ECS Fargate service
resource "aws_ecs_service" "api" {
name = "${var.project}-api"
cluster = aws_ecs_cluster.main.id
task_definition = aws_ecs_task_definition.api.arn
desired_count = var.environment == "production" ? 3 : 1
launch_type = "FARGATE"
network_configuration {
subnets = module.vpc.private_subnets
security_groups = [aws_security_group.api.id]
}
load_balancer {
target_group_arn = aws_lb_target_group.api.arn
container_name = "api"
container_port = 3000
}
}
# Variables
variable "project" { default = "myapp" }
variable "region" { default = "us-east-1" }
variable "environment" { default = "staging" }
locals {
common_tags = {
Project = var.project
Environment = var.environment
ManagedBy = "opentofu"
}
}
State Encryption (OpenTofu Exclusive)
# State encryption — data never stored in plaintext
terraform {
encryption {
key_provider "pbkdf2" "default" {
passphrase = var.state_passphrase # From env or vault
}
key_provider "aws_kms" "prod" {
kms_key_id = "alias/opentofu-state"
region = "us-east-1"
}
method "aes_gcm" "default" {
keys = key_provider.pbkdf2.default
}
method "aes_gcm" "prod" {
keys = key_provider.aws_kms.prod
}
state {
method = method.aes_gcm.prod # KMS-encrypted state
enforced = true
}
plan {
method = method.aes_gcm.default # Encrypt plan files too
enforced = true
}
}
}
Commands
# Drop-in replacement for terraform CLI
tofu init # Initialize providers and modules
tofu plan # Preview changes
tofu apply # Apply changes
tofu destroy # Tear down infrastructure
tofu state list # List resources in state
tofu import aws_s3_bucket.data my-bucket # Import existing resources
# Migration from Terraform
# Just replace `terraform` with `tofu` — state files are compatible
Installation
# macOS
brew install opentofu
# Linux
curl -fsSL https://get.opentofu.org/install-opentofu.sh | sh
# Docker
docker run -it ghcr.io/opentofu/opentofu:latest init
Best Practices
- State encryption — Enable client-side encryption for state files; OpenTofu's exclusive feature, use KMS for production
- Modules for reuse — Package infrastructure patterns as modules; share via private registry or Git
- Remote state — Store state in S3 + DynamoDB (locking) or Terraform Cloud/Spacelift; never local state for teams
- Workspaces for environments — Use workspaces or separate state files for dev/staging/production
- Plan before apply — Always
tofu planand review; use-out=plan.tfplanfor deterministic applies in CI - Import existing resources — Use
tofu importto bring existing infrastructure under management - Compatible with Terraform — All Terraform providers and modules work; migrate by replacing the binary
- Pin versions — Pin provider and module versions;
~> 5.0for minor updates, exact pins for production
> related_skills --same-repo
> zustand
You are an expert in Zustand, the small, fast, and scalable state management library for React. You help developers manage global state without boilerplate using Zustand's hook-based stores, selectors for performance, middleware (persist, devtools, immer), computed values, and async actions — replacing Redux complexity with a simple, un-opinionated API in under 1KB.
> zoho
Integrate and automate Zoho products. Use when a user asks to work with Zoho CRM, Zoho Books, Zoho Desk, Zoho Projects, Zoho Mail, or Zoho Creator, build custom integrations via Zoho APIs, automate workflows with Deluge scripting, sync data between Zoho apps and external systems, manage leads and deals, automate invoicing, build custom Zoho Creator apps, set up webhooks, or manage Zoho organization settings. Covers Zoho CRM, Books, Desk, Projects, Creator, and cross-product integrations.
> zod
You are an expert in Zod, the TypeScript-first schema declaration and validation library. You help developers define schemas that validate data at runtime AND infer TypeScript types at compile time — eliminating the need to write types and validators separately. Used for API input validation, form validation, environment variables, config files, and any data boundary.
> zipkin
Deploy and configure Zipkin for distributed tracing and request flow visualization. Use when a user needs to set up trace collection, instrument Java/Spring or other services with Zipkin, analyze service dependencies, or configure storage backends for trace data.