This lesson demonstrates how to manage resource dependencies in OpenTofu, covering both explicit and implicit approaches using depends_on and attribute references.

Table of Contents

  1. Understanding Resource Dependencies
  2. Generating a TLS Private Key
  3. Writing the Key to a Local File
  4. Cleanup
  5. Explicit Dependency with depends_on
  6. Links and References

Understanding Resource Dependencies

OpenTofu resources can depend on each other in two ways:
| Dependency Type | Definition | Syntax Example |
|---|---|---|
| Explicit | Resource A waits for Resource B without accessing its attributes directly. | depends_on = [local_file.krill] |
| Implicit | Resource A references Resource B’s attribute in its arguments. | content = tls_private_key.pvtkey.private_key_pem |
First, we set an explicit dependency using the depends_on argument when Resource A does not reference any of Resource B’s attributes.
Next, an implicit dependency is created by referencing one resource’s attributes inside another resource’s arguments.

Generating a TLS Private Key

Navigate to your project’s key-generator directory and create key.tf:
resource "tls_private_key" "pvtkey" {
  algorithm = "RSA"
  rsa_bits  = 4096
}
Initialize, plan, and apply the configuration:
tofu init
tofu plan
tofu apply
# Type "yes" to confirm
Inspect the generated key:
tofu state show tls_private_key.pvtkey
Storing private keys in plain text can pose a security risk. Never commit sensitive key material to version control.

Writing the Key to a Local File

Update key.tf to include a local_file resource:
resource "tls_private_key" "pvtkey" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "local_file" "key_details" {
  filename = "/root/key.txt"
  content  = tls_private_key.pvtkey.private_key_pem
}
Re-run OpenTofu:
tofu init
tofu plan
tofu apply
# Confirm with "yes"
Verify that /root/key.txt contains your PEM-encoded private key.
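A hardened variant of the key.tf above, added here as an example and not part of the original lesson: it keeps the same implicit dependency but writes the key with owner-only permissions. It assumes a hashicorp/local provider release that includes local_sensitive_file (2.2.0 or later); the output name is illustrative.

```hcl
# Added example, not the lesson's own configuration.
# Assumption: hashicorp/local >= 2.2.0, which provides local_sensitive_file.
terraform {
  required_providers {
    tls = {
      source = "hashicorp/tls"
    }
    local = {
      source  = "hashicorp/local"
      version = ">= 2.2.0"
    }
  }
}

resource "tls_private_key" "pvtkey" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

# As written in the lesson: local_file creates the file with mode 0777
# unless file_permission is set.
# resource "local_file" "key_details" {
#   filename = "/root/key.txt"
#   content  = tls_private_key.pvtkey.private_key_pem
# }

# Hardened: content is treated as a sensitive attribute and the file is
# readable and writable by its owner only. The attribute reference still
# creates the implicit dependency on tls_private_key.pvtkey.
resource "local_sensitive_file" "key_details" {
  filename        = "/root/key.txt"
  content         = tls_private_key.pvtkey.private_key_pem
  file_permission = "0600"
}

# Non-secret value for confirming which key was written.
# The output name is illustrative.
output "key_fingerprint_sha256" {
  value = tls_private_key.pvtkey.public_key_fingerprint_sha256
}
```

The tls_private_key resource still records the private key unencrypted in the state file, so restrict access to the state and keep it out of version control along with /root/key.txt.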

Cleanup

When you’re done, destroy both resources:
tofu destroy
# Confirm with "yes"

Explicit Dependency with depends_on

Create a new directory (e.g., /root/explicit-dependency) and add main.tf:
resource "local_file" "krill" {
  filename = "/root/krill.txt"
  content  = "krill"
}

resource "local_file" "whale" {
  filename   = "/root/whale.txt"
  content    = "whale"
  depends_on = [local_file.krill]
}
Here, whale will only be created after krill, illustrating an explicit dependency without attribute references. Apply this configuration:
tofu init
tofu plan
tofu apply
# Enter "yes" to proceed