Skip to main content

Frequently Asked Questions

General​

What is OpenPrime?​

OpenPrime is an open-source Infrastructure-as-Code platform that provides a visual interface for designing, managing, and deploying cloud infrastructure across multiple providers (AWS, Azure, GCP, and on-premise).

Is OpenPrime free to use?​

Yes, OpenPrime is open-source and free under the MIT License. You can use it for personal, educational, and commercial purposes.

What cloud providers are supported?​

  • AWS - Full support for compute, storage, databases, and Kubernetes (EKS)
  • Azure - Support for AKS, VMs, and core services
  • GCP - Support for GKE and core services
  • On-Premise - Kubernetes and Docker deployments

Does OpenPrime manage my cloud resources directly?​

No, OpenPrime generates infrastructure code (Terraform, Helm, ArgoCD manifests). You run the generated code to provision resources. This gives you full control and auditability.

Installation​

What are the system requirements?​

  • Docker Desktop 4.0+ with at least 4GB RAM allocated
  • Docker Compose v2
  • Modern web browser (Chrome, Firefox, Safari, Edge)

Why won't the services start?​

Common issues:

  1. Port conflicts - Check if ports 3000, 3001, 8080 are in use
  2. Docker memory - Increase Docker Desktop memory to 4GB+
  3. Database initialization - Run npm run clean then npm start

How do I reset everything?​

cd openprime-local-testing
npm run clean  # Stops services and removes volumes
npm start      # Fresh start

Authentication​

What authentication does OpenPrime use?​

OpenPrime uses Keycloak for authentication via OpenID Connect (OIDC) with PKCE flow. This supports:

  • Username/password login
  • Social login (Google, GitHub, etc.)
  • Enterprise SSO (SAML, LDAP)

How do I add users?​

  1. Access Keycloak Admin: http://localhost:8080/admin
  2. Select the openprime realm
  3. Go to Users → Add User
  4. Set credentials in the Credentials tab

Can I use my own identity provider?​

Yes, Keycloak supports identity brokering. Configure your IdP in Keycloak Admin → Identity Providers.

Environments​

What is an "environment" in OpenPrime?​

An environment represents a complete infrastructure deployment configuration, including:

  • Cloud provider and region
  • Services (Kubernetes, databases, etc.)
  • Helm charts
  • Configuration parameters

Can I have multiple environments?​

Yes, you can create unlimited environments. Common patterns:

  • Development / Staging / Production
  • Per-team environments
  • Per-project environments

How do I copy an environment?​

Currently, you can export an environment's configuration and import it as a new environment. Clone functionality is planned.

Infrastructure Generation​

What formats does OpenPrime generate?​

  • Terraform - .tf files for infrastructure provisioning
  • Helm values - values.yaml files for Kubernetes applications
  • ArgoCD - Application manifests for GitOps
  • FluxCD - Kustomizations for GitOps (coming soon)

How does the template system work?​

OpenPrime uses a custom template processor (Injecto) that:

  1. Reads template files with @param and @section decorators
  2. Applies your configuration values
  3. Generates final infrastructure code

See Template System Architecture for details.

Can I customize the generated code?​

Yes, you can:

  1. Modify templates in openprime-infra-templates/templates/
  2. Use custom Helm values in the UI
  3. Edit generated code before applying

Security​

How are cloud credentials stored?​

Cloud credentials are encrypted using AES-256-GCM before storage in the database. The encryption key is stored separately and should be managed securely.

Is the application secure for production?​

For production, ensure you:

  • Use HTTPS everywhere
  • Configure proper CORS origins
  • Enable rate limiting
  • Use strong encryption keys
  • Follow the Production Checklist

How do I report a security vulnerability?​

Please report security issues privately to security@openprime.dev. Do not create public issues for vulnerabilities.

Troubleshooting​

Logs show "connection refused" to database​

# Check database is running
docker compose ps

# View database logs
npm run logs:db

# Restart all services
npm restart

Frontend shows blank page​

  1. Check browser console for errors
  2. Verify backend is healthy: curl http://localhost:3001/health
  3. Clear browser cache and reload

Keycloak login redirects forever​

  1. Ensure Keycloak is healthy: curl http://localhost:8080/realms/master
  2. Check CORS settings in backend
  3. Verify KEYCLOAK_URL matches actual URL

API returns 401 Unauthorized​

  1. Clear browser storage and re-login
  2. Check token hasn't expired
  3. Verify Keycloak client configuration

Contributing​

How can I contribute?​

See our Contributing Guide for details on:

  • Reporting bugs
  • Suggesting features
  • Submitting code
  • Improving documentation

Where should I ask questions?​

  • GitHub Discussions - General questions
  • Discord - Real-time help
  • Issues - Bug reports and feature requests

Roadmap​

What features are planned?​

  • Multi-tenancy support
  • Cost estimation
  • Drift detection
  • Policy enforcement (OPA)
  • More cloud services
  • FluxCD support

How can I request a feature?​

Open a GitHub Discussion with the "Feature Request" category. Include:

  • Use case description
  • Expected behavior
  • Any relevant examples