OpenTofu, an open-source infrastructure-as-code tool for defining, provisioning, and managing cloud and on-prem resources declaratively, maintained as a community-driven fork of Terraform, has released version 1.11 with two main new additions.

The first one is support for ephemeral resources and write-only attributes. Ephemeral values exist only in memory during a single OpenTofu operation and are never written to plans or state snapshots. This allows temporary data—such as time-limited credentials, SSH tunnels, or transient configuration inputs—to be generated and consumed securely without appearing in stored files.