MinhVo

Minh Vo

rss feed

Slaying code & making it lit fr fr 🔥 tagline

Hey there 👋 I'm an AI Engineer with 7 years of experience building scalable web and mobile applications. Currently at Neurond AI (May 2025 — present), architecting an Enterprise AI Assistant Platform with multi-tenant RAG on pgvector, multi-provider LLM orchestration, and Azure-native infrastructure. Previously spent 5+ years at SNAPTEC (Sep 2019 — Apr 2025), leading SaaS themes, admin dashboards, and e-commerce platforms — earned the Hero of the Year award in 2021. I specialize in TypeScript, React, Next.js, and AI-Native engineering with Claude Code and Cursor.bio

Resumegithub - https://github.com/minhomegamail - mailto:vnqminh0502@gmail.comlinkedin - https://linkedin.com/in/minhvoomegaphone - tel:+84835559175facebook - https://www.facebook.com/minhomegaa/
Projects
Experience
TIL
Blogs
Back to blogs

Infrastructure as Code Terraform vs Pulumi vs OpenTofu

Infrastructure as Code comparison. HCL vs general-purpose languages, state management, drift detection, enterprise patterns.

infrastructure as codeTerraformPulumiOpenTofudevopscloud

By MinhVo

Introduction

Terraform BSL license change drove OpenTofu creation. Pulumi general-purpose language approach gained enterprise traction. Terraform remains dominant with the largest provider ecosystem. OpenTofu provides community-driven alternative with state encryption. Pulumi appeals to teams preferring TypeScript, Python, Go, or C# over HCL.

The IaC Landscape in 2026

devops illustration

Terraform BSL license change drove OpenTofu creation. Pulumi general-purpose language approach gained enterprise traction. Terraform remains dominant with the largest provider ecosystem. OpenTofu provides community-driven alternative with state encryption. Pulumi appeals to teams preferring TypeScript, Python, Go, or C# over HCL.

Terraform HCL and Ecosystem

HCL is declarative and designed for readability. The Terraform Registry hosts 3,000+ providers and 15,000+ modules. Workflow: init, plan, apply, destroy. Remote state backends enable team collaboration with locking. Terraform Cloud provides Sentinel policy enforcement, cost estimation, and drift detection.

Pulumi General-Purpose Languages

Infrastructure in TypeScript, Python, Go, and C#. Type checking catches errors at compile time. Functions, loops, and conditionals enable dynamic definitions. CrossGuard enables compliance-as-code. Automation API embeds infrastructure operations in applications programmatically. State management supports multiple backends with encryption.

OpenTofu Open-Source Alternative

devops illustration

Maintained by the Linux Foundation, fully compatible with existing HCL code. Adds state encryption, removed blocks, and client-side state encryption. Migration from Terraform is straightforward: state files and providers are compatible, CLI commands identical. Governance ensures permanent open-source availability.

State Management and Testing

Best practices: remote backends, state locking, encryption at rest. State isolation per environment and blast radius. Drift detection on schedule. Testing: terraform validate, tflint, Checkov for security scanning. For Pulumi: programmatic unit tests with mock providers. Policy-as-code with Sentinel, CrossGuard, or OPA.

Enterprise Patterns and Migration

GitOps pattern with pull request workflows. Module registry encoding best practices. Cost management with Infracost on PRs. Tool selection: Terraform for existing HCL investment, OpenTofu for open-source priority, Pulumi for language preference. Migration: Terraform to OpenTofu is drop-in, to Pulumi requires code translation.

Conclusion

The topics covered in this article represent important developments in modern software engineering. By understanding these concepts deeply and applying them in your projects, you can build more robust, scalable, and maintainable systems. Continue exploring, experimenting, and building — the technology landscape rewards those who stay curious and keep learning.