{"id":19873056,"url":"https://github.com/checkpointsw/terraform-provider-infinity-next","last_synced_at":"2026-03-04T12:09:25.232Z","repository":{"id":37724721,"uuid":"481097698","full_name":"CheckPointSW/terraform-provider-infinity-next","owner":"CheckPointSW","description":"Infinity Next's Terraform Provider for managing CloudGuard AppSec and other Infinity Next security application using Terraform.","archived":false,"fork":false,"pushed_at":"2025-04-22T08:02:59.000Z","size":749,"stargazers_count":7,"open_issues_count":7,"forks_count":3,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-04-22T09:23:16.524Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CheckPointSW.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-04-13T06:25:06.000Z","updated_at":"2025-04-20T10:10:59.000Z","dependencies_parsed_at":"2024-11-19T16:31:53.715Z","dependency_job_id":"db15d3c6-8099-44a9-a880-e0d5837f04e4","html_url":"https://github.com/CheckPointSW/terraform-provider-infinity-next","commit_stats":{"total_commits":44,"total_committers":5,"mean_commits":8.8,"dds":0.2727272727272727,"last_synced_commit":"a130cda753c1f214ac349bb2aa29d4b14a7cf8ce"},"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CheckPointSW%2Fterraform-provider-infinity-next","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CheckPointSW%2Fterraform-provider-infinity-next/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CheckPointSW%2Fterraform-provider-infinity-next/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CheckPointSW%2Fterraform-provider-infinity-next/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CheckPointSW","download_url":"https://codeload.github.com/CheckPointSW/terraform-provider-infinity-next/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252015825,"owners_count":21680828,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-12T16:17:40.974Z","updated_at":"2026-02-09T14:02:33.324Z","avatar_url":"https://github.com/CheckPointSW.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Check Point Infinity Next Management Terraform Provider\n\nInfinity Next's Terraform Provider for managing CloudGuard AppSec and other Infinity Next security application using Terraform.\nYou could read the documentation of Infinity Next [here](https://appsec-doc.inext.checkpoint.com/).\n\n## Requirements\n\n- Terraform v0.13+\n- [inext CLI](https://github.com/CheckPointSW/infinity-next-terraform-cli/releases/latest) - used to publish and enforce your changes made by Terraform.\n\n## Usage\n\n### Generating an API Key _(Required)_\n\n1. Go to https://portal.checkpoint.com, navigate to _Global Settings -\u003e API Keys_\n\n2. Create a new API key and select _Infinity Policy_ as the service, with _Admin_ role, we recommend that you specify a meaningful comment for the key so you could identify them later and avoid mistakes.\n\n3. Store the _Client ID_ and _Secret Key_ in a secure location, and note there's no way to view the secret key afterward.\n\n### Configuring the Provider\n\nThere are 2 options to set the credentials to be used by the provider:\n\n- Set the credentials in environment variables `INEXT_CLIENT_ID` and `INEXT_ACCESS_KEY`\n\n- Set the credentials explicitly or through input variables, in the `.tf` file that defines the `provider` block using the fields `client_id` and `access_key`\n\nNote that credentials are per region, which can be configured with the `region` field of the provider's definition. It defaults to \"eu\" and currently it accepts either \"eu\" or \"us\".\n\n### Publish and Enforce your changes _(Required)_\n\nAll changes that are made when running `terraform apply` are done under a session of the configured API key.\nAt Infinity Next, each session must be published to be able to enforce your configured policies on your assets. Think of it as commiting your changes to be able to make a release.\n\nDue to Terraform's lack of concept of session management/commiting changes at the end of an applied configuration, it's required from the user of this provider to publish and enforce the applied configuration by himself.\n\nThis repository includes a CLI utility for this exact use case, which includes 2 commands: `publish` and `enforce`.\n\n### Using terraform resource\n\nYou can use the `inext_publish_enforce` resource to trigger publish and enforce operations directly from Terraform.\n\n~\u003e **Important:** There should be only **one** `inext_publish_enforce` resource in your configuration.\n\nAdd the following to your Terraform configuration:\n\n```terraform\nvariable \"publish\" {\n  type    = bool\n  default = false\n}\n\nvariable \"enforce\" {\n  type    = bool\n  default = false\n}\n\nresource \"inext_publish_enforce\" \"publish-and-enforce\" {\n  publish     = var.publish\n  enforce     = var.enforce\n\n  # Optional: specify profile IDs to enforce directly in the resource\n  # If empty or not provided, all profiles will be enforced\n  # profile_ids = [\"profile-id-1\", \"profile-id-2\"]\n\n  depends_on = [\n    # IMPORTANT: List ALL your resources here to ensure publish/enforce runs last\n    inext_web_app_asset.my-webapp-asset,\n    inext_web_app_practice.my-webapp-practice,\n    # ... add all other resources\n  ]\n}\n```\n\n~\u003e **Important:** The `depends_on` block **must include all other resources** in your configuration. This ensures that the publish and enforce operations only run after all resources have been successfully created or updated. Failing to include all resources may cause conflicts or result in incomplete enforcement.\n\nThen run the following command to apply your configuration and trigger publish/enforce:\n\n```bash\nterraform apply -var=\"publish=true\" -var=\"enforce=true\"\n```\n\nThe `depends_on` block ensures that the publish and enforce operations only run after all other resources have been successfully created or updated.\n\nAfter each run the values are defaulted to false so using this must be **explicit**\n\n### Using the `inext` CLI\n\nDownload and install the CLI found in the [latest release](https://github.com/CheckPointSW/infinity-next-terraform-cli/releases/latest)\n\nYou could run `inext help` and get all available options and commands.\n\nThe CLI requires the same credentials used to configure the provider, there are 3 options to pass these credentials to the CLI:\n\n1. Set the environment variables: `INEXT_REGION`, `INEXT_CLIENT_ID` and `INEXT_ACCESS_KEY` and run `inext \u003ccommand\u003e`, this is more comfortable for usage right after `terraform apply` since it uses the same environment variables.\n2. Set credentials using flags `--client-id` (shorthand `-c`) and `--access-key` (shorthand `-k`)\n\n   ```\n   inext publish -c $INEXT_CLIENT_ID -k $INEXT_ACCESS_KEY -r us\n   ```\n\n3. Create a yaml file at `~/.inext.yaml` with the following content:\n   ```\n   client-id: \u003cINEXT_CLIENT_ID\u003e\n   access-key: \u003cINEXT_ACCESS_KEY\u003e\n   region: eu\n   ```\n   Run `inext \u003ccommand\u003e` and the CLI would be configured using `~/.inext.yaml` by default, can be set using `inext --config \u003cconfig-path\u003e \u003ccommand\u003e`\n\n## Example\n\n```\nterraform init\nterraform apply\ninext publish \u0026\u0026 inext enforce\n```\n\nThen navigate to the [Cloud Tab](https://portal.checkpoint.com/dashboard/policy#/cloud/getting-started) and enable the _Tech Preview_ toggle at the bottom right.\nYou should now see your applied objects, each in its own tab.\n\n## Build\n\n### Requirements\n\n- Go 1.24+\n\nTo build the provider run:\n\n```\ngo build\n```\n\nTo build the build the CLI run:\n\n```\ncd cmd\ngo build -o inext\ncp inext /usr/local/bin\n```\n\n## Note\n\nDo not edit objects both from the Infinity Next portal and using this provider, as it may cause conflicts and unexpected behavior.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcheckpointsw%2Fterraform-provider-infinity-next","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcheckpointsw%2Fterraform-provider-infinity-next","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcheckpointsw%2Fterraform-provider-infinity-next/lists"}