Configuration
This guide covers configuring OpenPrime for your environment.
Configuration Files
OpenPrime uses several configuration layers:
```text
openprime-local-testing/
├── .env                 # Environment variables (generated)
├── .env.example         # Template for .env
├── secrets.enc.env      # Encrypted secrets (SOPS)
└── docker-compose.yml   # Service configuration

openprime-app/
└── src/config/
    ├── servicesConfig.js    # Service definitions
    ├── providersConfig.js   # Cloud provider mappings
    └── helmChartsConfig.js  # Helm chart catalog
```
Environment Variables
Core Variables
| Variable | Description | Default |
|---|---|---|
| NODE_ENV | Environment mode | development |
| PORT | Backend API port | 3001 |
| FRONTEND_URL | Frontend URL for CORS | http://localhost:3000 |
| DATABASE_URL | PostgreSQL connection string | (Docker internal) |
Authentication (Keycloak)
| Variable | Description | Default |
|---|---|---|
| KEYCLOAK_URL | Keycloak server URL | http://localhost:8080 |
| KEYCLOAK_REALM | Realm name | openprime |
| KEYCLOAK_CLIENT_ID | Client ID | openprime-app |
Database
| Variable | Description | Default |
|---|---|---|
| DB_HOST | Database host | postgres |
| DB_PORT | Database port | 5432 |
| DB_NAME | Database name | openprime |
| DB_USER | Database user | openprime |
| DB_PASSWORD | Database password | (encrypted) |
Secrets Management
OpenPrime uses SOPS with age encryption for secrets.
Initial Setup
```bash
cd openprime-local-testing

# Create secrets file from template
npm run env:init

# This creates:
# - .env (unencrypted, gitignored)
# - secrets.enc.env (encrypted, committed)
```
Editing Secrets
```bash
# Edit encrypted secrets (opens in $EDITOR)
npm run secrets:edit

# View decrypted secrets
npm run secrets:view

# Re-encrypt after manual edits
npm run secrets:encrypt
```
Secrets Structure
```env
# secrets.enc.env contents (values shown are placeholders)
DB_PASSWORD=your-secure-password
KEYCLOAK_ADMIN_PASSWORD=admin-password
ENCRYPTION_KEY=32-byte-hex-key
AWS_ACCESS_KEY_ID=AKIA...
AWS_SECRET_ACCESS_KEY=...
```
Service Configuration
Customizing Services
Service definitions in openprime-app/src/config/servicesConfig.js:
```javascript
export const servicesConfig = {
  kubernetes: {
    name: 'Kubernetes',
    category: 'compute',
    providers: ['aws', 'azure', 'gcp'],
    schema: {
      clusterName: {
        type: 'string',
        required: true,
        pattern: '^[a-z][a-z0-9-]*$',
      },
      version: {
        type: 'select',
        options: ['1.28', '1.27', '1.26'],
        default: '1.28',
      },
      nodeGroups: {
        type: 'array',
        items: {
          name: { type: 'string', required: true },
          instanceType: { type: 'string', default: 't3.medium' },
          desiredSize: { type: 'number', default: 2 },
        },
      },
    },
  },
};
```
Adding New Providers
Provider mappings in openprime-app/src/config/providersConfig.js:
```javascript
export const providersConfig = {
  aws: {
    name: 'Amazon Web Services',
    regions: [
      { value: 'us-east-1', label: 'US East (N. Virginia)' },
      { value: 'us-west-2', label: 'US West (Oregon)' },
      // ...
    ],
    services: ['kubernetes', 'database', 'storage', 'serverless'],
  },
};
```
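The two config objects above only define the form; the backend still has to enforce them when a provisioning request arrives. The validator below is an added example, not OpenPrime's own code. It embeds trimmed copies of servicesConfig and providersConfig so it runs stand-alone, and assumes a request shape of `{ service, provider, region, params }` that the page does not define. It rejects unknown fields, checks the `pattern`, `select` and `array` field types, fills in `default` values, and cross-checks that the provider and service list each other and that the region is one the provider declares.

```javascript
// Added example (not OpenPrime's own code): validate a provisioning request
// against the servicesConfig / providersConfig shapes shown above.
// Assumption: requests look like { service, provider, region, params }.

// Trimmed copies of the page's config objects so the file runs stand-alone.
const servicesConfig = {
  kubernetes: {
    providers: ['aws', 'azure', 'gcp'],
    schema: {
      clusterName: { type: 'string', required: true, pattern: '^[a-z][a-z0-9-]*$' },
      version: { type: 'select', options: ['1.28', '1.27', '1.26'], default: '1.28' },
      nodeGroups: {
        type: 'array',
        items: {
          name: { type: 'string', required: true },
          instanceType: { type: 'string', default: 't3.medium' },
          desiredSize: { type: 'number', default: 2 },
        },
      },
    },
  },
};
const providersConfig = {
  aws: {
    regions: [
      { value: 'us-east-1', label: 'US East (N. Virginia)' },
      { value: 'us-west-2', label: 'US West (Oregon)' },
    ],
    services: ['kubernetes', 'database', 'storage', 'serverless'],
  },
};

// Check one object against a schema map. Returns { errors, value } where value
// has defaults filled in. Unknown keys are rejected so that the form definition
// is the only path by which a field reaches the provisioning layer.
function validateObject(schema, input, path = '') {
  const errors = [];
  const value = {};
  if (typeof input !== 'object' || input === null || Array.isArray(input)) {
    return { errors: [`${path || 'params'}: must be an object`], value };
  }
  for (const key of Object.keys(input)) {
    if (!(key in schema)) errors.push(`${path}${key}: unknown field`);
  }
  for (const [key, field] of Object.entries(schema)) {
    const p = `${path}${key}`;
    const v = input[key];
    if (v === undefined) {
      if (field.required) errors.push(`${p}: required`);
      else if (field.default !== undefined) value[key] = field.default;
      continue;
    }
    switch (field.type) {
      case 'string':
        // The page's pattern is anchored (^...$); an unanchored pattern would
        // accept extra characters around an otherwise valid name.
        if (typeof v !== 'string') errors.push(`${p}: must be a string`);
        else if (field.pattern && !new RegExp(field.pattern).test(v)) errors.push(`${p}: does not match ${field.pattern}`);
        else value[key] = v;
        break;
      case 'number':
        if (typeof v !== 'number' || !Number.isFinite(v)) errors.push(`${p}: must be a number`);
        else value[key] = v;
        break;
      case 'select':
        if (!field.options.includes(v)) errors.push(`${p}: must be one of ${field.options.join(', ')}`);
        else value[key] = v;
        break;
      case 'array':
        if (!Array.isArray(v)) { errors.push(`${p}: must be an array`); break; }
        value[key] = v.map((item, i) => {
          const r = validateObject(field.items, item, `${p}[${i}].`);
          errors.push(...r.errors);
          return r.value;
        });
        break;
      default:
        errors.push(`${p}: unsupported field type ${field.type}`);
    }
  }
  return { errors, value };
}

// Full request check: service and provider must exist and list each other,
// the region must be one the provider declares, and params must fit the schema.
function validateRequest(req) {
  const service = servicesConfig[req.service];
  const provider = providersConfig[req.provider];
  if (!service) return { errors: [`unknown service ${req.service}`], value: null };
  if (!provider) return { errors: [`unknown provider ${req.provider}`], value: null };
  const errors = [];
  if (!service.providers.includes(req.provider) || !provider.services.includes(req.service)) {
    errors.push(`${req.service} is not offered on ${req.provider}`);
  }
  if (!provider.regions.some((r) => r.value === req.region)) {
    errors.push(`unknown region ${req.region} for ${req.provider}`);
  }
  const params = validateObject(service.schema, req.params ?? {});
  errors.push(...params.errors);
  return { errors, value: errors.length ? null : { ...req, params: params.value } };
}
```

A request that passes comes back with defaults applied (`version: '1.28'`, `instanceType: 't3.medium'`, `desiredSize: 2` for a node group that only named itself); a request with an unknown region, an uppercase cluster name, an unlisted version or an extra field is returned with one error per problem and `value: null`, so callers cannot partially apply it.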
Docker Compose Configuration
Resource Limits
Adjust resource limits in docker-compose.yml:
```yaml
services:
  backend:
    deploy:
      resources:
        limits:
          cpus: '1'
          memory: 1G
        reservations:
          cpus: '0.5'
          memory: 512M
```
Volume Persistence
```yaml
volumes:
  postgres_data:
    driver: local
  keycloak_data:
    driver: local
```
Network Configuration
```yaml
networks:
  openprime:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16
```
Feature Flags
Enable/disable features via environment variables:
```env
# Enable AI assistant (requires AWS Bedrock)
ENABLE_AI_ASSISTANT=true

# Enable experimental features
ENABLE_EXPERIMENTAL=false

# Enable detailed logging
LOG_LEVEL=debug
```
Production Configuration
For production deployments, see:
- Docker Deployment - Production Docker setup
- Kubernetes Deployment - Helm chart deployment
- Production Checklist - Security and performance
Key Differences
| Setting | Development | Production |
|---|---|---|
| NODE_ENV | development | production |
| LOG_LEVEL | debug | info |
| HTTPS | disabled | required |
| Rate limiting | relaxed | strict |
| CORS | localhost | specific origins |
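A small startup check that turns the secrets structure, the feature flags and the development/production table above into fail-closed assertions is useful, because the most common way these settings go wrong is a `.env` copied from the template and only partly filled in. The script below is an added example, not part of OpenPrime. It parses a `.env`-style file, reads the `ENABLE_*` flags strictly (only the literal strings `true` and `false`), requires `ENCRYPTION_KEY` to be the documented 32 bytes of hex, and in production rejects `LOG_LEVEL=debug`, plain-`http` or `localhost` values in `FRONTEND_URL` and `KEYCLOAK_URL`. The placeholder strings are taken from the secrets template on this page; the assumption that the AI assistant's Bedrock access uses the `AWS_*` keys from `secrets.enc.env` is mine, and the sample `.env` is constructed.

```javascript
// Added example (not part of OpenPrime): parse a .env-style file and check it
// against the production expectations listed on the Configuration page.
// The sample file and the Bedrock/AWS-key link are assumptions, not page facts.

// Values the page's template ships with; any of these still present means
// the secret was never set. Empty string covers a missing variable.
const TEMPLATE_PLACEHOLDERS = new Set([
  'your-secure-password', 'admin-password', '32-byte-hex-key', 'AKIA...', '...', '',
]);

// Minimal KEY=value parser: skips blanks and comments, strips matching
// surrounding quotes, and lets a later assignment override an earlier one.
function parseDotenv(text) {
  const env = {};
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq <= 0) continue;
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();
    const q = value[0];
    if (value.length >= 2 && (q === '"' || q === "'") && value[value.length - 1] === q) {
      value = value.slice(1, -1);
    }
    env[key] = value;
  }
  return env;
}

// Feature flags arrive as strings; accept only explicit true/false so a typo
// such as "ture" does not silently enable (or disable) a feature.
function parseFlag(env, name, dflt) {
  const v = env[name];
  if (v === undefined) return dflt;
  if (v === 'true') return true;
  if (v === 'false') return false;
  throw new Error(`${name}: expected true or false, got ${JSON.stringify(v)}`);
}

// Returns a list of problems; an empty list means the config is acceptable.
function checkProductionConfig(env) {
  const problems = [];
  const isProd = env.NODE_ENV === 'production';
  for (const name of ['DB_PASSWORD', 'KEYCLOAK_ADMIN_PASSWORD', 'ENCRYPTION_KEY']) {
    if (TEMPLATE_PLACEHOLDERS.has(env[name] ?? '')) problems.push(`${name}: missing or still a template placeholder`);
  }
  // The page documents ENCRYPTION_KEY as a 32-byte hex key: exactly 64 hex digits.
  const key = env.ENCRYPTION_KEY ?? '';
  if (!TEMPLATE_PLACEHOLDERS.has(key) && !/^[0-9a-fA-F]{64}$/.test(key)) {
    problems.push('ENCRYPTION_KEY: must be 32 bytes encoded as 64 hex digits');
  }
  // Assumption: the AI assistant's Bedrock access uses the AWS keys from secrets.enc.env.
  if (parseFlag(env, 'ENABLE_AI_ASSISTANT', false)) {
    for (const name of ['AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY']) {
      if (TEMPLATE_PLACEHOLDERS.has(env[name] ?? '')) problems.push(`${name}: required when ENABLE_AI_ASSISTANT=true`);
    }
  }
  if (isProd) {
    // Key Differences table: production logs at info, requires HTTPS, and
    // CORS should name specific origins rather than localhost.
    if ((env.LOG_LEVEL ?? 'info') === 'debug') problems.push('LOG_LEVEL: debug in production (expected info)');
    for (const name of ['FRONTEND_URL', 'KEYCLOAK_URL']) {
      let url;
      try { url = new URL(env[name] ?? ''); } catch (e) { problems.push(`${name}: not a valid URL`); continue; }
      if (url.protocol !== 'https:') problems.push(`${name}: HTTPS is required in production`);
      if (url.hostname === 'localhost' || url.hostname === '127.0.0.1') {
        problems.push(`${name}: localhost origin in production (CORS expects specific origins)`);
      }
    }
  }
  return problems;
}

// Constructed sample: a .env copied from the template and only partly filled in.
const SAMPLE_ENV = `
NODE_ENV=production
PORT=3001
FRONTEND_URL=http://localhost:3000
KEYCLOAK_URL=https://sso.example.com
LOG_LEVEL=debug
DB_PASSWORD="correct horse battery staple"
KEYCLOAK_ADMIN_PASSWORD=admin-password
ENCRYPTION_KEY=32-byte-hex-key
ENABLE_AI_ASSISTANT=true
AWS_ACCESS_KEY_ID=AKIA...
AWS_SECRET_ACCESS_KEY=...
`;

function runSampleCheck() {
  return checkProductionConfig(parseDotenv(SAMPLE_ENV));
}
```

Run against the constructed sample, `runSampleCheck()` reports seven problems: two untouched placeholders (`KEYCLOAK_ADMIN_PASSWORD`, `ENCRYPTION_KEY`), both AWS keys missing while the AI assistant is enabled, `LOG_LEVEL=debug`, and `FRONTEND_URL` failing both the HTTPS and the localhost check. Wiring such a check into startup, so the service refuses to boot rather than logging a warning, is the cheapest way to keep a development `.env` out of production.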