+++
title = "[TRIAGE] OpenTofu state backend — local file (gitignored) vs Terraform Cloud vs Cloudflare R2?"
priority = 9
status = "done"
ticket_type = "task"
dependencies = []
+++

<context>
This is a triage decision ticket. It must be resolved before dependent implementation tickets can proceed.
</context>

<question>
OpenTofu state backend: should the `.tfstate` file be stored locally (gitignored), in Terraform Cloud (free tier), or in Cloudflare R2 (S3-compatible backend)?
</question>

<options>
1. **Local file** — simplest, but state is lost if the machine changes and cannot be shared. Suitable for solo development.
2. **Terraform Cloud** — free tier available, remote state with locking. Requires a Terraform Cloud account.
3. **Cloudflare R2** — S3-compatible, keeps state within Cloudflare ecosystem. Requires an R2 bucket and API credentials.
</options>

<resolution>
**Decision: Local file backend (gitignored).**

Rationale:
- `quotesdb` is a solo developer project — no team, no CI/CD pipeline that needs shared state.
- Infrastructure is small (1 Worker + 1 D1 + 1 Pages project). If state is lost, all resources can be recovered via `tofu import`.
- Terraform Cloud: unnecessary HashiCorp account dependency with no benefit for solo use.
- Cloudflare R2: chicken-and-egg problem — the R2 bucket itself must be manually bootstrapped before it can serve as the OpenTofu backend, adding setup complexity and extra credential scope.
- Local file: zero extra accounts, zero extra credentials, immediate to set up.

Implementation (see ticket 2d1371):
- `infra/terraform.tf`: use default local backend (no `backend` block needed — local is the OpenTofu default).
- `infra/.gitignore`: ignore `*.tfstate`, `*.tfstate.backup`, `.terraform/`, `.terraform.lock.hcl`.
- `infra/README.md`: document that state is local and how to recover with `tofu import` if lost.
</resolution>

<commit>
`chore(quotesdb): resolve triage — opentofu-state-backend-local-file-gitignored-vs-terraform-cl`
</commit>