.webp)
An IaC glossary Terraform OpenTofu teams can actually use is valuable because platform engineering depends on shared language.
When DevOps teams, security teams, developers, and enterprise IT leaders use the same terms differently, infrastructure workflows become harder to govern.
Terraform and OpenTofu are both central to infrastructure as code, but the surrounding ecosystem includes state, providers, modules, policies, registries, workspaces, pipelines, drift, secrets, and governance.
This glossary explains the most important terms in plain English, with a platform engineering lens.
It is designed for teams that have moved beyond basic CLI workflows and now need stronger IaC governance tools, including policy controls, RBAC, cost visibility, drift detection, and self-service workflows.
How to Use This Glossary
Use this glossary as an onboarding reference, documentation aid, or internal alignment tool.
It can help teams understand Terraform, OpenTofu, Terraform Cloud, and governance concepts before making decisions about migration, platform tooling, or workflow standardization.
Terraform and OpenTofu Glossary
Infrastructure as Code
Infrastructure as Code, or IaC, is the practice of defining infrastructure through code instead of manual configuration.
It helps teams make infrastructure repeatable, reviewable, and version-controlled.
Terraform
Terraform is an infrastructure as code tool used to define, provision, and manage infrastructure across cloud providers, SaaS platforms, and other services.
OpenTofu
OpenTofu is an open-source infrastructure as code tool created as a Terraform-compatible alternative.
It is often evaluated by teams that want familiar workflows with a more open governance path.
Terraform Cloud
Terraform Cloud, now part of HCP Terraform, is a managed platform for Terraform runs, remote state, collaboration, policies, and workflow automation.
Terraform Registry
The Terraform registry is where teams can find providers and reusable modules.
Platform teams often use registry governance to control approved infrastructure patterns.
Provider
A provider is a plugin that lets Terraform or OpenTofu interact with an external system, such as AWS, Azure, Google Cloud, Kubernetes, or a SaaS platform.
Resource
A resource is an infrastructure object managed by Terraform or OpenTofu. Examples include virtual machines, databases, networks, IAM roles, and storage buckets.
Data Source
A data source lets Terraform or OpenTofu read information from an existing system without managing that object directly.
Module
A module is a reusable package of infrastructure configuration. Teams use modules to standardize infrastructure patterns and reduce repeated code.
Root Module
The root module is the main working directory where Terraform or OpenTofu commands are run. It can call child modules and define resources directly.
Child Module
A child module is a reusable module called by another module. Platform teams often create child modules for approved infrastructure patterns.
State File
The state file records the relationship between configuration and real infrastructure. It is one of the most sensitive parts of any Terraform or OpenTofu workflow.
Remote State
Remote state stores the state file outside a local machine, usually in a shared backend. It helps teams collaborate safely and avoid conflicting changes.
Backend
A backend controls where state is stored and how operations such as locking are handled. Backends are critical for team-based IaC workflows.
State Locking
State locking prevents multiple users or systems from changing the same infrastructure state at the same time. Without locking, teams risk conflicts and corruption.
Plan
A plan shows what Terraform or OpenTofu intends to change before applying it. Reviewing plans is a core part of safe infrastructure delivery.
Apply
Apply executes the planned infrastructure changes. In governed workflows, applies should usually require review, approval, or policy checks.
Destroy
Destroy removes infrastructure managed by the configuration. Because this can be risky, production destroy actions should be tightly controlled.
Drift
Drift occurs when real infrastructure no longer matches the IaC configuration. Drift detection helps teams identify unmanaged or manual changes.
Variable
A variable lets teams pass configurable values into infrastructure code. Variables are commonly used for regions, environment names, instance sizes, and feature settings.
Local Value
A local value, often called a local, stores a reusable expression inside configuration. Terraform locals help make code cleaner and easier to maintain.
Output
An output exposes useful values after infrastructure is created, such as endpoint URLs, IDs, or resource names.
Sensitive Value
A sensitive value is information that should not be exposed in logs or outputs. Examples include passwords, tokens, and private keys.
Secrets
Secrets are sensitive credentials used by infrastructure workflows. OpenTofu secrets and Terraform secrets should be handled through secure stores, not plain text.
Workspace
A workspace separates state for different environments or deployments. Teams may use workspaces for development, staging, and production.
Environment
An environment is a logical deployment context, such as dev, staging, production, or sandbox. Governance rules often vary by environment.
Policy-as-Code
Policy-as-code defines governance rules in code. It helps teams enforce security, cost, compliance, and operational standards automatically.
RBAC
Role-Based Access Control, or RBAC, controls who can view, plan, approve, or apply infrastructure changes.
Approval Workflow
An approval workflow requires designated users or teams to review changes before they are applied. This is important for production governance.
Audit Log
An audit log records who changed what, when, and through which workflow. Auditability is essential for enterprise IaC governance.
Cost Visibility
Cost visibility helps teams understand the financial impact of infrastructure changes before or after deployment.
Self-Service Infrastructure
Self-service infrastructure lets developers request approved infrastructure without waiting on manual tickets, while platform teams maintain guardrails.
TACOS
TACOS stands for Terraform Automation and Collaboration Software. It describes platforms that manage IaC workflows, governance, collaboration, and automation.
CI/CD Pipeline
A CI/CD pipeline automates testing, planning, and deployment. Pipelines can run Terraform or OpenTofu, but do not automatically provide full governance.
Terraform to OpenTofu Migration
Terraform to OpenTofu migration is the process of moving Terraform workflows, state, providers, modules, and pipelines to OpenTofu safely.
OpenTofu vs Terraform
OpenTofu vs Terraform comparisons usually focus on licensing, governance, compatibility, roadmap, and ecosystem direction.
Terraform vs OpenTofu
Terraform vs OpenTofu is not always an either-or decision. Many platform teams may run both during transition periods.
Private Module Registry
A private module registry stores approved internal modules. It helps teams standardize infrastructure and reduce unsafe patterns.
Provider Version Constraint
A provider version constraint controls which provider versions can be used. This helps prevent unexpected changes during plans and applies.
IaC Governance Tools
IaC governance tools help teams manage policies, access, drift, cost, approvals, and auditability across infrastructure workflows.
Why These Terms Matter for Platform Teams
Knowing the terms is useful, but applying them correctly is where platform teams create value.
A team may understand Terraform state, but still struggle without state governance. A team may use OpenTofu, but still need approval workflows, RBAC, and cost visibility.
This is why env0 matters for organizations scaling IaC. env0 helps teams govern Terraform, OpenTofu, and related workflows through self-service guardrails, drift management, cost monitoring, and access control.
For teams comparing env0 vs Terraform Cloud, the bigger question is whether they need a broader governance platform for modern IaC operations.
Build Governed IaC Workflows With env0
env0’s IaC Platform & Terraform Automation service helps platform teams manage Terraform, OpenTofu, and broader IaC workflows from one governed platform.
If your team is standardizing infrastructure terminology, improving onboarding, or evaluating IaC governance tools, env0 can help turn shared language into safer, faster infrastructure delivery. For more information, contact us today.
FAQs
What is an IaC glossary?
An IaC glossary is a reference that defines infrastructure as code terms in plain language. It helps engineers, platform teams, security teams, and leadership align on concepts like state, providers, modules, drift, policies, and governance.
Why should platform engineers know Terraform and OpenTofu terms?
Platform engineers need these terms because they design and govern infrastructure workflows across teams. Clear terminology improves onboarding, documentation, approvals, incident reviews, and migration planning.
What is the difference between Terraform and OpenTofu?
Terraform and OpenTofu share familiar infrastructure as code workflows, but they differ in governance, licensing direction, and roadmap. OpenTofu is often evaluated by teams that want a Terraform-compatible open-source alternative.
Is Terraform Cloud part of Terraform?
Terraform Cloud is a managed platform for Terraform workflows, while Terraform is the IaC tool itself. Terraform Cloud adds collaboration, remote state, policy, and workflow automation features around Terraform.
How do IaC governance tools help teams?
IaC governance tools help teams control who can deploy, which policies apply, how drift is detected, and how infrastructure cost is monitored. They turn Terraform and OpenTofu workflows into safer enterprise processes.
Why does env0 belong in a Terraform and OpenTofu glossary?
env0 belongs in the conversation because teams need more than definitions. They need a platform to govern Terraform, OpenTofu, policies, RBAC, cost visibility, drift detection, and developer self-service at scale.