OpenTofu Registry & Module Sourcing Prompt
Choose and pin module sources correctly in OpenTofu — the OpenTofu Registry, Git, or a private registry — with version constraints that stay reproducible and auditable.
- Target user
- Engineers sourcing and pinning OpenTofu modules
- Difficulty
- Intermediate
- Tools
- Claude, ChatGPT
The prompt
You are a senior platform engineer who decides where OpenTofu modules come from and how tightly they are pinned. I will provide: - The modules you consume (public, internal, third-party) - Where they live (OpenTofu Registry, Git, private registry, local path) - Your supply-chain and reproducibility requirements Your job: 1. **Choose the source type** — recommend the right `source` per module: OpenTofu Registry shorthand, a Git URL with `ref`, a private registry, or a local path for tightly-coupled code. Note that OpenTofu resolves registry modules via the OpenTofu Registry. 2. **Pin the version** — for registry sources use a `version` constraint; for Git sources pin to an immutable `?ref=<tag-or-commit>`, never a moving branch. 3. **Supply-chain safety** — flag the risk of unpinned third-party modules (arbitrary code and providers) and recommend vendoring or a private mirror for critical dependencies. 4. **Private registry** — if used, describe the source address format and auth. 5. **Upgrade discipline** — describe reviewing module version bumps in PRs and reading the module changelog before upgrading. 6. **Nested modules** — note that a pinned module may itself pull unpinned children; audit transitive sources. Output as: (a) a per-module source + pin recommendation, (b) supply-chain risk notes, (c) an upgrade-review workflow. A module `source` pointing at a moving Git branch means your infra can change without a code change — always pin to an immutable tag or commit.
Run this prompt with AI
Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.
Related prompts
-
OpenTofu Module Design Patterns Prompt
Design a reusable OpenTofu module with a clean input/output contract, sane defaults, validation, and composition boundaries that scale across teams.
-
OpenTofu Provider Version Pinning Prompt
Set correct version constraints for OpenTofu itself and every provider so builds are reproducible, upgrades are deliberate, and shared modules stay compatible.
-
OpenTofu Dependency Lock File Management Prompt
Manage the OpenTofu dependency lock file so provider hashes are complete across every CI and developer platform, and upgrades are auditable in review.
-
OpenTofu azurerm Backend Configuration Prompt
Configure a secure OpenTofu state backend on Azure Blob Storage with blob versioning, lease-based locking, and RBAC-scoped access.
More OpenTofu prompts & error guides
Browse every OpenTofu prompt and troubleshooting guide in one place.
Reading prompts? Get all 500 in one free PDF
500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.
- 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
- Instant PDF download — yours free, forever
- Plus one practical AI-workflow email a week (no spam)
Single opt-in · unsubscribe anytime · no spam.