openops
Verified Safe
by openops-cloud
Overview
A No-Code FinOps automation platform that helps organizations reduce cloud costs and streamline financial operations by providing customizable workflows to automate key FinOps processes like allocation, unit economics, anomaly management, workload optimization, and safe de-provisioning.
Installation
npm run start
Environment Variables
- NGINX_CLIENT_MAX_BODY_SIZE
- OPS_REQUEST_BODY_LIMIT
- OPS_OPENOPS_TABLES_PUBLIC_URL
- OPS_ENCRYPTION_KEY
- OPS_JWT_SECRET
- OPS_OPENOPS_ADMIN_EMAIL
- OPS_OPENOPS_ADMIN_PASSWORD
- OPS_JWT_TOKEN_LIFETIME_HOURS
- OPS_TABLES_TOKEN_LIFETIME_MINUTES
- OPS_OPENOPS_TABLES_DATABASE_NAME
- OPS_OPENOPS_TABLES_DB_HOST
- OPS_POSTGRES_USERNAME
- OPS_POSTGRES_PASSWORD
- OPS_POSTGRES_DATABASE
- REDIS_URL
- OPS_FRONTEND_URL
- OPS_ANALYTICS_ADMIN_PASSWORD
- ANALYTICS_POWERUSER_PASSWORD
- OPS_API_KEY
- OPS_PUBLIC_URL
- OPS_ENVIRONMENT
- OPS_ENVIRONMENT_NAME
- OPS_TRIGGER_DEFAULT_POLL_INTERVAL
- OPS_WEBHOOK_TIMEOUT_SECONDS
- OPS_BLOCKS_SOURCE
- OPS_BLOCKS_SYNC_MODE
- OPS_NGINX_CONFIG_FILE
- OPS_VERSION
- OPS_OPENOPS_TABLES_VERSION
- OPS_ANALYTICS_VERSION
- OPS_LOG_LEVEL
- OPS_LOG_PRETTY
- OPS_TELEMETRY_MODE
- OPS_TELEMETRY_COLLECTOR_URL
- OPS_ENGINE_URL
- OPS_EXECUTION_MODE
- OPS_QUEUE_MODE
- OPS_REDIS_HOST
- OPS_REDIS_PORT
- OPS_DB_TYPE
- OPS_POSTGRES_HOST
- OPS_POSTGRES_PORT
- OPS_AWS_ENABLE_IMPLICIT_ROLE
- OPS_CODE_BLOCK_MEMORY_LIMIT_IN_MB
- OPS_SLACK_APP_SIGNING_SECRET
- OPS_SLACK_ENABLE_INTERACTIONS
- HOST_AZURE_CONFIG_DIR
- HOST_CLOUDSDK_CONFIG
- OPS_ENABLE_HOST_SESSION
- POSTGRES_MAX_CONNECTIONS
- ANALYTICS_ALLOW_ADHOC_SUBQUERY
- AZURE_API_VERSION
- DOCS_MCP_SERVER_PATH
- SUPERSET_MCP_SERVER_PATH
- AI_PROMPTS_LOCATION
- FRONTEGG_PUBLIC_KEY
- CLOUD_ORGANIZATION_ID
- FRONTEGG_URL
- EXEC_FILE_MAX_BUFFER_SIZE_MB
- LANGFUSE_SECRET_KEY
- LANGFUSE_PUBLIC_KEY
- LANGFUSE_HOST
- REDIS_USER
- REDIS_PASSWORD
- REDIS_USE_SSL
- REDIS_DB
- QUEUE_UI_USERNAME
- QUEUE_UI_PASSWORD
Security Notes
The project demonstrates strong security awareness, including password hashing (bcrypt, firebase-scrypt), encryption of sensitive data (AES-256-CBC), input sanitization for CLI commands (shell-quote), and webhook signature verification for Slack. Crucially, it employs `isolated-vm` for sandboxing code execution, a critical measure for a platform running user-provided code. Logging includes redaction of sensitive patterns. However, the extensive number of external integrations (AWS, Azure, Google Cloud, Microsoft Graph, Slack, Jira, etc.) significantly expands the attack surface. Default CORS settings allowing all origins ('*') can be a security risk if not mitigated by external proxies or strict API key usage. While `isolated-vm` is a robust control for code execution, the presence of `eval` and the `Function` constructor in some sandbox modes (e.g., no-op) requires careful scrutiny to ensure they are not used in high-privilege contexts. Default placeholder secrets in configuration files (`values.yaml`) must be changed immediately for production deployment.
Similar Servers
n8n
The MCP (Model Context Protocol) components in n8n enable workflows to interact with external AI agents and tools over a standardized protocol, facilitating communication between n8n and AI models for agent-based automation.
activepieces
An open-source, extensible AI automation platform designed as a Zapier alternative, supporting low-code/no-code workflows and integration with Large Language Models (LLMs) through a type-safe TypeScript framework.
flux-operator
The Flux Operator MCP Server enables AI assistants to interact with Kubernetes clusters managed by the Flux Operator through natural language, allowing analysis, troubleshooting, and operations on GitOps pipelines.
gemini-flow
An AI workflow orchestration and execution platform that enables visual programming and integrates with Google's Gemini and Vertex AI services.