CloudCenmax
Live · Public Terraform Registry

Run CloudCenmax with terraform apply

Add cloudcenmax/cloudcenmax to your providers block, export your API key, and deploy servers, buckets, and lifecycle changes through the same plan/apply workflow you already trust. No DSL, no proprietary state — just the HCL you already write.

Get an API key Install the provider
~2 min
Create → active
11
Resources, data sources & actions
MPL-2.0
Open-source license
$0
Extra to use it

Apply in three steps

No SDK, no glue code, no plugin to host. It's the registry, your API key, and terraform init.

1

Issue an API key

Mint a ck_… key in your dashboard. Read-only for safe `terraform plan` runs; read + write when you actually want to ship.

2

Add the provider

Declare `cloudcenmax/cloudcenmax` in your `required_providers`. `terraform init` pulls a signed binary from the public registry.

3

terraform apply

Write a `cloudcenmax_server` or `cloudcenmax_bucket` block. Apply waits for the VM to reach active and returns its IP — ready for cloud-init, Ansible, or the next module.

Everything you'd expect from a real provider

Every block maps to the same governed API behind the dashboard, the CLI, and the MCP server. One source of truth, four ways in.

Provision servers

A `cloudcenmax_server` resource declares CPU, RAM, region, and OS. Apply waits until the VM is active and returns its IP — ready to hand off to your next module or cloud-init.

Run object storage

A `cloudcenmax_bucket` resource creates an S3-compatible bucket in any region. The bucket-scoped secret lands in (sensitive) state once at create — never re-fetched, never logged.

Browse the catalog

`cloudcenmax_catalog` filters SKUs by region, module, or provider. Pin a cheap dev plan or pick the closest data center entirely in HCL.

Resolve a plan

`cloudcenmax_sku` looks up a SKU code and returns its specs and hourly price, so an unexpected bill never shows up after `apply`.

Read your account

`cloudcenmax_account` returns your live balance and currency — wire it into a precondition to fail-fast a deploy on low balance.

Trigger lifecycle actions

`cloudcenmax_server_action` (Terraform 1.14+) reinstalls the OS, rotates the root password, takes a snapshot, opens VNC, or enables IPv6 as a one-shot wired into the apply graph.

Detect drift on every plan

Power-cycled from the dashboard? Resized out-of-band? The next `terraform plan` shows the delta — and your CI gate stops it landing unreviewed.

Built for the workflow you already run

No vendor lock, no custom DSL, no surprises

This is a plain Terraform provider, not a "platform" that pretends to be one. The source is on GitHub, the binary is signed by the official Registry, your state stays where you put it, and the meter stops the second destroy returns.

Plain HCL, no DSL

Standard `resource`, `data`, and `action` blocks. If you've written providers for AWS, DigitalOcean, or Hetzner, you already know the moves.

State stays where you put it

No proprietary state backend, no forced cloud account. Use your existing S3/GCS/Postgres/TFC remote state — or stay on disk. We never see it.

Read-only mode for CI plans

Issue a read-only key for plan runs; mint write keys only for the apply leg. A stray `terraform apply` in a draft PR cannot spin anything up.

Hourly billing, no contracts

You pay only for what's actually running. `terraform destroy` calls the same terminate endpoint the dashboard uses — and the meter stops on that response.

Wire it into the pipeline you already use

The provider is at cloudcenmax/cloudcenmax. Same binary, four common entry points — pick yours.

Set the env var, drop the block in, init, apply.

main.tf 
# main.tf
terraform {
  required_providers {
    cloudcenmax = {
      source  = "cloudcenmax/cloudcenmax"
      version = "~> 0.1"
    }
  }
}

resource "cloudcenmax_server" "web" {
  name = "web-1"
  sku  = "vm.o.11.109"             # 1 vCPU / 1 GB / 10 GB — Seattle, US (included IPv4)
  options = {
    template = "1055"              # Debian 12 64-bit
  }
}
Then 
export CLOUDCENMAX_API_KEY=ck_your_api_key
terraform init
terraform apply

Mint a key on your API keys page after you register. Read-only for browsing, read + write to apply.

Identical syntax. Swap the binary — the registry mirror resolves the same source.

In your repo 
export CLOUDCENMAX_API_KEY=ck_your_api_key
tofu init
tofu apply

Use the same main.tf from the Terraform CLI tab — cloudcenmax/cloudcenmax resolves through OpenTofu's registry mirror.

Same provider block. The API key is a workspace secret.

  1. Terraform Cloud: workspace → Variables → add CLOUDCENMAX_API_KEY as an Environment Variable, mark it Sensitive.
  2. Atlantis: expose CLOUDCENMAX_API_KEY through your existing secrets path (Vault, Doppler, Kubernetes Secret, GitHub env) and let Atlantis inject it on plan / apply.
  3. Commit the required_providers block. The next PR runs terraform plan against CloudCenmax through your existing review gate.

Run a read-only key on the plan runner and a write-scoped key on the apply runner if you split them — locks down accidental applies.

One workflow step. The key is a repository secret.

.github/workflows/infra.yml 
# .github/workflows/infra.yml
jobs:
  apply:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init && terraform apply -auto-approve
        env:
          CLOUDCENMAX_API_KEY: ${{ secrets.CLOUDCENMAX_API_KEY }}

For OpenTofu, use opentofu/setup-opentofu@v1 and swap terraform for tofu in the run step.

Don't have a key yet? Create a free account, then mint a ck_… key on the API keys page. Read-only for safe terraform plan runs, read + write to let apply act.

Questions, answered

Do I need a CloudCenmax account?

Yes — the provider authenticates against your account using a ck_… API key. Sign up is free; you only pay for resources you actually provision.

Is the provider itself free?

Yes. The provider binary is open source (MPL-2.0) and listed on the public Terraform Registry. You are billed only for the servers, buckets, and bandwidth you actually run.

Can I use it with OpenTofu?

Yes. OpenTofu pulls `cloudcenmax/cloudcenmax` from its registry mirror. The HCL, the auth env var, and the state format are identical — switch `terraform` for `tofu` in your commands.

How do I handle the API key in CI?

Set `CLOUDCENMAX_API_KEY` as a masked secret in GitHub Actions, GitLab CI, Terraform Cloud, or Atlantis. For plan-only stages, mint a read-scoped key so a stray run cannot change anything.

What happens on terraform destroy?

Apply hits the terminate endpoint, the API tears down the underlying VM or bucket, and your meter stops on the same response. State is cleared in the same step — no orphaned bills.

Is it production-ready? What's in v0.1.0?

v0.1.0 ships the full server and bucket lifecycle plus the action surface, with end-to-end test coverage. Pin `~> 0.1` and minor versions stay additive — breaking schema changes only ship behind a major bump.

Ship your next deploy in HCL

Create a CloudCenmax account, mint an API key, and terraform apply. Hourly billing, no contracts, cancel anytime.

Get your API key Browse plans