Features
One platform for the whole product lifecycle
Scaffold applications, provision the services they depend on, ship them with GitOps, and run them on your AWS account — with the governance, secrets, audit, and identity you need, natively connected.
Scaffold applications, provision services, ship with CI/CD.
Workspaces
Your starting point — scaffold apps, wire up CI/CD, and ship business logic from day one.
A workspace is where your applications, managed services, and Helm charts live together. Scaffold a new project from built-in templates across 10+ frameworks, or connect an existing repo — Origin9 generates the Dockerfile, CI/CD pipeline, and deployment config so you can skip the plumbing and start writing features.
- Scaffold in 10+ Frameworks. Next.js (SSR + static), React + Vite, Vue, Angular, Nuxt, Node.js/Express, Spring Boot, Rails, Go, and more — each template ships with Dockerfile, pipeline, and sensible defaults.
- Auto-Generated CI/CD. Origin9 writes the pipeline YAML for the connected Git provider and wires it to your cluster. No hand-crafted GitHub Actions, GitLab CI, or Bitbucket Pipelines needed.
- Grouped by Product. Each workspace holds its own applications, managed services, Helm charts, and deploy targets — a clean scope for every product, team, or business unit.
Deployment Pipeline
From commit to cluster — GitOps, approvals, rollback, and drift detection, natively connected.
Push to your Git provider; Origin9 builds, deploys, and keeps the cluster in sync with the repo. Configure approvals, deployment windows, and notifications per environment. Roll back any deploy in one click with full history.
- Multi-Provider Git. Connect GitHub, GitLab SaaS, GitLab self-hosted, or Bitbucket. Webhook handlers for Actions, GitLab CI, and Pipelines trigger builds on every push or merge request.
- GitOps Reconciliation. An in-cluster agent keeps live state matching the repo. Automatic, manual, and scheduled sync policies let you control how aggressively drift is corrected.
- Drift Detection & Self-Heal. Unauthorized changes to the cluster are detected and flagged. Optional auto-remediation brings the cluster back to the repo-declared state.
Managed Services
Databases, caches, storage, and messaging — provisioned from a catalog, wired into your apps.
Provision Postgres, Redis, S3, SES, and more directly from a catalog. Origin9 stands them up on AWS or in-cluster, writes the credentials into the Secrets Engine, and wires them into the applications that need them — so new services are available to your code the moment they are ready.
- Opinionated Catalog. Ready-to-provision service definitions for Postgres, MySQL, Redis, S3, SES, and more — each with sensible defaults and tunable parameters.
- AWS or In-Cluster. Choose the runtime per service: AWS-managed via ACK operators (RDS, ElastiCache, S3), or self-hosted in your Kubernetes cluster.
- Auto-Wired Credentials. Once provisioned, connection strings and keys are written into the Secrets Engine and injected into the applications that depend on them.
Run workloads on your AWS account with approvals, secrets, and audit built in.
Cloud Infrastructure
Production-grade Kubernetes on your AWS account — provisioned from a guided wizard.
Stand up a fully configured EKS cluster with VPC, networking, SSL, DNS, monitoring, and autoscaling — from a few clicks. Bring your own AWS account; Origin9 generates least-privilege IAM, provisions infrastructure via Terraform under the hood, and installs the in-cluster agent that powers deploys.
- Bring Your Own Account. Connect your AWS account and grant a least-privilege IAM role. Origin9 provisions inside your account — you keep full ownership and visibility.
- Guided Cluster Wizard. Pick region, Kubernetes version, node config, Karpenter settings, and addons. Review the cost estimate before provisioning kicks off.
- Stack Preconfigured. Load balancer, ingress controller, DNS via Route53, cert-manager with auto-SSL, monitoring, and a GitOps agent — installed and wired.
Environment Governance
Dev, staging, production — each with its own approvals, windows, policies, and isolation.
Every environment is classified (development, testing, staging, UAT, production, DR) and gets policies that fit its tier — approval gates, deployment windows, workload validation, network rules, and environment locks. Ephemeral previews spin up per PR and clean up on merge. Governance that protects production without slowing developers.
- Classification-Driven Policy. Development, Testing, Staging, UAT, Production, and Disaster Recovery — each tier ships with defaults for approvals, windows, and workload validation.
- Multi-Approver Gates. Require N reviewers before a deploy can proceed to sensitive environments. Approvals are recorded in the audit trail with timestamp and rationale.
- Deployment Windows. Restrict when deploys can run — business hours, maintenance windows, or a custom schedule — timezone-aware per environment.
Secrets Engine
Encrypted vault with rotation, versioning, audit, and direct-to-pod injection.
AES-256-GCM encrypted secrets, organized in a folder hierarchy, scoped per environment, injected into pods at runtime. Rotation schedules, full version history, and a complete audit trail keep secret hygiene honest without Vault's operational weight.
- AES-256-GCM Encryption. Bank-grade encryption at rest with AWS KMS key management and tamper-evident integrity checks.
- Folder Hierarchy. Organize secrets in a folder tree up to 10 levels deep. Environment scoping separates dev from production values at the same path.
- Six Secret Types. General, TLS Certificate, Docker Registry, SSH Key, Basic Auth, and AWS Credentials — each with shape validation on write.
Audit & Compliance
Every action logged across the platform — searchable, exportable, ready for your auditor.
Origin9 captures audit events across six domains — organization, authentication, terminal sessions, deployments, secrets, and environments. Each event records who, what, when, where, and why, with configurable retention and export formats mapped to SOC 2, ISO 27001, HIPAA, PCI DSS, and GDPR evidence needs.
- Six Audit Systems. Organization, Authentication, Terminal sessions, Deployments, Secrets, and Environments — each capturing domain-specific events with consistent metadata.
- Full Context per Event. Who (actor), what (action), when (timestamp), where (IP + geo), how (browser/desktop/API), and outcome — recorded for every action.
- Search & Filter. Filter by actor, action type, time range, or outcome. Full-text search across every field — no log-stitching across tools.
Customer auth and internal team management — SSO, SCIM, MFA, workflows.
Identity Studio
The login experience for your product — SSO, MFA, social, passwordless, and workflows.
A full identity platform you embed in your own product. Email/password, social, enterprise SAML/OIDC, passwordless, and WebAuthn — with custom branding, custom user data models, MFA, workflow automation, and a developer API. Multi-product support keeps each SaaS offering on its own isolated user base.
- Five Auth Methods. Email/password with policy, social (Google, GitHub, Microsoft, Facebook), enterprise SAML/OIDC, passwordless magic links, and WebAuthn.
- Custom Branding. Your logo, colors, fonts, and background — 17 configurable color values, three layouts, per-product overrides, and custom domains with automatic SSL.
- MFA Support. TOTP, SMS, email OTP, and WebAuthn with backup codes, per-user enrollment tracking, and DISABLED/OPTIONAL/REQUIRED policy enforcement.
Team Management & SSO
Your internal team — roles, invitations, SSO, SCIM, session security — no separate vendor.
Three organization roles, email invitations with approval queues, SSO with Google, Microsoft, Okta, OneLogin and any SAML/OIDC provider, SCIM provisioning for automated user lifecycle, and hardened session security — for your Origin9 team, not your customers.
- Three Organization Roles. Viewer (read-only), Developer (edit + deploy to non-prod), Admin (full control of infrastructure and production).
- SSO with Six+ Providers. Google Workspace, Microsoft 365, Okta, OneLogin, any SAML 2.0, any OIDC provider — with just-in-time provisioning.
- SCIM Provisioning. Automatic user creation, suspension, group sync, and role mapping from Okta or Azure AD — user lifecycle without spreadsheets.