cofounder/cto @ Onu here! Thanks for this feedback. We're working on a fully self-hosted version of Onu for this use case. Currently users can opt into self-hosting their scripts within their own cloud, but these scripts are still triggered by our hosted frontend (with some auth). Allowing users to self-host the Onu frontend is on our roadmap.

Re: bash scripts - we chose to focus on backend scripts so that engineers can utilize existing business logic since these tend to be helper functions & classes written in the backend language of their application. We're open to supporting bash scripts in the future - would this be something that would be helpful in your org?

Not GP, but without supporting bash scripts the tool isn't very useful to us

At the risk of an extreme facepalm moment given the {obvious danger, code smell, worst practice, etc.} I still feel compelled to ask: don't the languages already supported offer an execution gateway (like the backtick operator or shell_exec() in php) such that an extremely lightweight wrapper would allow this to run your bash scripts?

Well, from the description I gathered the service was going to “TURN (existing) scripts INTO internal tools”. Not “provide a front-end to a framework where you write brand new code to integrate with your business logic”… The first mode seems to add a relatively large amount of value for relatively low effort given the management scripts that already exist. The second seems more like a framework only useful for processes you spend the effort to migrate. Was hoping to see a Rundeck competitor but got an Internal competitor instead?

Not to mention most of my bash scripts are just wrappers around calling some other binary executables

100% but I assume they are requesting first-class support.

People who write bash scripts well and people who write nodejs scripts are likely different groups that will want very different things from this service.

If that’s all you want you might as well use Jenkins or a myriad of other similar tools. It’s free and self hosted.

Yeah almost every company on earth has a VPN and allowing an outside Internet site access to prod servers is not great practice.

Is there a self hostable version of this?

Otherwise this will be a tough sell to security minded companies I think.

Agreed, self-hosting is a must, and for most security-minded/regulated companies it needs to be source available for audits. Deploying a proprietary app at the level this will need to be is a no-go unless you have a big (and trusted) corp behind it.

N+1 here, I'd like to add that we have a bunch of VPN tunnels and collectively they are a massive PITA. Adding one more is an uphill request.

This is great feedback! Thanks y'all! We're starting with our hosted product so that folks can sign up and get started immediately. This has helped us get initial feedback and iterate super quickly. That said, releasing a self-serve, self-hosted version of Onu is a big item on our roadmap. We've heard lots of conflicting opinions on the necessity for a self-hosted version of the app, but this feedback definitely helps validate how necessary it will be.

I would expect any company over 500 staff with a functioning InfoSec team will want a more secure option to deploy. Just an idea, but if you must run the service on your end, another option could be single tenants/pods that you provision and the customer holds encryption keys in their KMS and can manage RBAC. Your staff would have only lower level admin ability to start/stop/delete the pod.

More modern day SaaS first tools do not have on-prem option instead they have an on-prem agent model that executes tasks and responds back to the main SaaS platform.

When I worked at a big well known tech company their prod environment of 100,000 or so servers didn't have access to the internet.

Resource often have access to outbound internet via proxies. You need it for updates. Super big org often self host solutions

Can you name some examples? I haven't come across that yet.

Airplane [1] with is similar platform like this. In security space there is Wiz [2]. At Adaptive [3] that is in access management platform, where I work. We do the same too. Agent communicating over established tunnel works without any org configuration changes.

[1] https://airplane.dev

[2] https://wiz.io

[3] https://adaptive.live

At this point i just use ChatGPT to build the UI's for my script. What else does this offer?