# mightymoud/sidekick **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/mightymoud-sidekick).** 7,465 stars · 160 forks · Go · GPL-3.0 ## Links - GitHub: https://github.com/MightyMoud/sidekick - Homepage: https://www.sidekickdeploy.com - awesome-repositories: https://awesome-repositories.com/repository/mightymoud-sidekick.md ## Topics `deployment` `heroku` `self-host` `self-hostable` `self-hosted` `self-hosting` `selfhosting` `vps-admin` `vps-server` `vps-setup` `vps-ubuntu` ## Description Sidekick is a command-line tool that provisions bare VPS servers, transfers Docker images, manages secrets, and orchestrates zero-downtime deployments across single or multiple server instances. It handles the full deployment pipeline from a local machine, building container images locally and transferring them directly to the server without requiring a remote container registry. The tool distinguishes itself through an integrated approach to security and automation. It encrypts environment variables locally using SOPS and Age keys, then decrypts them on the server at deploy time for runtime injection, keeping credentials off disk. Deployments use health checks to switch traffic to new containers only after they pass, ensuring no requests are dropped during updates. A single command provisions a bare VPS with Docker, Traefik, and security hardening, including disabling root login and configuring firewalls. The system also supports preview environments tied to git commits, accessible on unique subdomains for testing before production promotion. Beyond core deployment, Sidekick includes an interactive configuration wizard that walks through setup, database provisioning on the remote server, live container log streaming from the VPS to the local terminal, and Prometheus metrics exposure through the reverse proxy. It can trigger automatic redeployment when a new Docker image is pushed to a registry, and manages traffic routing across multiple applications on a single VPS with automatic TLS certificate generation and renewal. ## Tags ### DevOps & Infrastructure - [Docker-Based Deployment Tools](https://awesome-repositories.com/f/devops-infrastructure/container-orchestration/container-runtimes/runtime-configuration-interfaces/docker-socket-orchestrators/docker-target-configurators/docker-container-deployments/docker-based-deployment-tools.md) — Ships a command-line tool that deploys Docker applications to a bare VPS with zero-downtime releases and automatic SSL certificates. - [Docker Image Builds](https://awesome-repositories.com/f/devops-infrastructure/automated-deployment-pipelines/docker-image-builds.md) — Builds container images on the local machine, then transfers the image file directly to the server without needing a remote registry. ([source](https://www.sidekickdeploy.com/docs/design/docker-images/)) - [Secrets Deployment Pipelines](https://awesome-repositories.com/f/devops-infrastructure/automated-deployment-pipelines/secrets-deployment-pipelines.md) — Encrypts and injects environment variables at deploy time using SOPS and Age, keeping credentials off disk. - [Single-Command Deployments](https://awesome-repositories.com/f/devops-infrastructure/cloud-deployment/multi-cloud-deployments/cross-cloud-certificate-deployment/cloud-platform-deployments/application-cloud-deployments/single-command-deployments.md) — Sets up a production-ready VPS and deploys a Docker application with a single command, eliminating manual configuration. ([source](https://www.sidekickdeploy.com/docs/ethos/why-sidekick/)) - [Docker Host Provisioners](https://awesome-repositories.com/f/devops-infrastructure/cloud-infrastructure/networking-connectivity/virtual-private-clouds/hetzner-vps-provisioners/docker-host-provisioners.md) — Installs Docker, Traefik, and supporting tools on a bare VPS, then configures SSH and TLS for production-ready hosting. ([source](https://www.sidekickdeploy.com/docs/command/init/)) - [Generic VPS Provisioners](https://awesome-repositories.com/f/devops-infrastructure/cloud-infrastructure/networking-connectivity/virtual-private-clouds/hetzner-vps-provisioners/generic-vps-provisioners.md) — Automates the full setup of a bare VPS with Docker, Traefik, and security hardening in a single command. - [Local-to-Remote Image Transfers](https://awesome-repositories.com/f/devops-infrastructure/container-orchestration/container-runtimes/runtime-configuration-interfaces/docker-socket-orchestrators/docker-target-configurators/docker-container-deployments/docker-image-building/local-to-remote-image-transfers.md) — Builds Docker images locally and transfers them directly to the server without requiring a remote container registry. - [Local-to-Server Image Deployments](https://awesome-repositories.com/f/devops-infrastructure/container-orchestration/container-runtimes/runtime-configuration-interfaces/docker-socket-orchestrators/docker-target-configurators/docker-container-deployments/docker-image-building/local-to-server-image-deployments.md) — Builds a Docker image locally, transfers it to the server, and routes live traffic to it with automatic SSL certificates. ([source](https://cdn.jsdelivr.net/gh/mightymoud/sidekick@main/README.md)) - [Zero-Downtime Rollout Orchestrators](https://awesome-repositories.com/f/devops-infrastructure/containerized-deployment-orchestration/zero-downtime-rollout-orchestrators.md) — Pushes containerized apps to a server and orchestrates zero-downtime updates with automated rollback on failure. ([source](https://www.sidekickdeploy.com/docs/)) - [Direct Image File Transfers](https://awesome-repositories.com/f/devops-infrastructure/direct-to-host-deployments/direct-image-file-transfers.md) — Copies the built image file to the server, loads it into the Docker daemon, and removes the file, keeping source code off the remote machine. ([source](https://www.sidekickdeploy.com/docs/design/docker-images/)) - [Dockerfile Deployments](https://awesome-repositories.com/f/devops-infrastructure/direct-to-host-deployments/universal-runtime-deployments/dockerfile-deployments.md) — Builds and deploys any application from a Dockerfile with zero downtime and seamless traffic switching. ([source](https://www.sidekickdeploy.com/docs/introduction/what-is-sidekick/)) - [Automated Production Server Setup](https://awesome-repositories.com/f/devops-infrastructure/infrastructure/infrastructure-as-code/provisioning-and-deployment/server-installation-methods/automated-production-server-setup.md) — Configures a bare VPS with all dependencies and security hardening in a single command for application deployment. ([source](https://www.sidekickdeploy.com/docs/)) - [Bare VPS Provisioners](https://awesome-repositories.com/f/devops-infrastructure/infrastructure/infrastructure-as-code/provisioning-and-deployment/server-installation-methods/automated-production-server-setup/bare-vps-provisioners.md) — Provisions a bare VPS with Docker, Traefik, and security hardening in a single command for production readiness. ([source](https://www.sidekickdeploy.com/docs/introduction)) - [VPS Provisioning Commands](https://awesome-repositories.com/f/devops-infrastructure/infrastructure/private-enterprise-management/virtualization-bare-metal/bare-metal-orchestration/vps-provisioning-commands.md) — Runs a single command that installs Docker, configures networking, and hardens a bare VPS for production use. ([source](https://www.sidekickdeploy.com/docs/ethos/)) - [Direct Image File Transfers](https://awesome-repositories.com/f/devops-infrastructure/local-image-loading/direct-image-file-transfers.md) — Transfers built Docker images directly to the server as files, bypassing the need for a remote container registry. - [Bare VPS Provisioning Commands](https://awesome-repositories.com/f/devops-infrastructure/self-hosted-platform-as-a-service/single-command-deployments/bare-vps-provisioning-commands.md) — Installs Docker, Traefik, SOPS, and Age on a bare VPS with a single command, hardening security by disabling root login. - [Docker Application Deployments](https://awesome-repositories.com/f/devops-infrastructure/self-hosted-platform-as-a-service/single-command-deployments/docker-application-deployments.md) — Sets up a production-ready environment on a bare VPS and deploys a Docker application with zero-downtime releases. ([source](https://www.sidekickdeploy.com/docs/command/launch/)) - [Docker Image Push Deployments](https://awesome-repositories.com/f/devops-infrastructure/self-hosted-platform-as-a-service/single-command-deployments/docker-image-push-deployments.md) — Pushes a local Docker image to a remote host and starts it with a single CLI invocation. ([source](https://www.sidekickdeploy.com/docs/ethos/)) - [Server Deployments](https://awesome-repositories.com/f/devops-infrastructure/server-deployments.md) — Provisions a remote VPS with all required dependencies and configures it to accept deployments. ([source](https://www.sidekickdeploy.com/docs/command/)) - [Server Provisioners](https://awesome-repositories.com/f/devops-infrastructure/server-provisioners.md) — Sets up a production-ready VPS with Docker, Traefik, and security hardening in one automated command. - [Single-Server Deployment Utilities](https://awesome-repositories.com/f/devops-infrastructure/single-server-deployment-utilities.md) — Provides a single-command workflow to deploy Docker applications to a single VPS with zero-downtime updates and automatic SSL. - [Zero-Downtime Deployments](https://awesome-repositories.com/f/devops-infrastructure/zero-downtime-deployments.md) — Rolls out new Docker image versions without interrupting live traffic, with automatic health checks and rollback. - [Health-Check Gated Deployments](https://awesome-repositories.com/f/devops-infrastructure/zero-downtime-deployments/health-check-gated-deployments.md) — Switches traffic to new containers only after they pass health checks, ensuring zero dropped requests during updates. - [Image](https://awesome-repositories.com/f/devops-infrastructure/git-deployment-integrations/push-triggered-deployments/image.md) — Triggers automatic redeployment when a new Docker image is pushed to a registry, integrating with CI/CD pipelines. ([source](https://www.sidekickdeploy.com/docs/ethos/vision/)) - [Multi-Server Application Deployments](https://awesome-repositories.com/f/devops-infrastructure/multi-server-application-deployments.md) — Coordinates deployments and infrastructure across several VPS instances from a single control point. ([source](https://www.sidekickdeploy.com/docs/ethos/vision/)) - [Multi-Application Load Balancers](https://awesome-repositories.com/f/devops-infrastructure/traffic-load-balancers/multi-application-load-balancers.md) — Hosts several applications on a single VPS and load-balances incoming requests for high availability. ([source](https://www.sidekickdeploy.com/docs/introduction/what-is-sidekick/)) ### Development Tools & Productivity - [VPS Setup Automations](https://awesome-repositories.com/f/development-tools-productivity/machine-setup-automations/vps-setup-automations.md) — Sets up a bare VPS with Docker, Traefik, SOPS, and Age in a single automated command, hardening security by disabling root login. ([source](https://cdn.jsdelivr.net/gh/mightymoud/sidekick@main/README.md)) - [Commit-Tied Preview Environments](https://awesome-repositories.com/f/development-tools-productivity/deployment-environments/per-environment-overrides/commit-tied-preview-environments.md) — Creates isolated deployments tied to git commit hashes, accessible on unique subdomains for pre-production testing. ### Networking & Communication - [Container Image Layer Transfers](https://awesome-repositories.com/f/networking-communication/direct-file-transfers/container-image-layer-transfers.md) — Builds Docker images locally and transfers them directly to a remote server without a container registry. - [Automated TLS Reverse Proxies](https://awesome-repositories.com/f/networking-communication/traffic-proxying/proxy-traffic-management/automated-tls-reverse-proxies.md) — Routes incoming requests through a managed reverse proxy that automatically handles TLS certificate generation and renewal. ([source](https://www.sidekickdeploy.com/docs/design/reverse-proxy/)) - [Domain-Based Routing](https://awesome-repositories.com/f/networking-communication/network-infrastructure-routing/network-infrastructure-configuration/network-and-server-infrastructure/domain-name-system-services/domain-based-routing.md) — Directs incoming requests to the correct container based on domain or path rules, handling TLS termination automatically. ([source](https://www.sidekickdeploy.com/docs/design/)) ### Security & Cryptography - [Runtime Secret Injection](https://awesome-repositories.com/f/security-cryptography/cryptographic-key-management/external-key-integration/runtime-secret-injection.md) — Decrypts environment variables on the server during deployment, making values available only in the running process without storing them on disk. ([source](https://www.sidekickdeploy.com/docs/command/launch/)) - [Secret Encryption](https://awesome-repositories.com/f/security-cryptography/secret-encryption.md) — Encrypts environment variables locally using age keys and sops, then transfers only the encrypted file to the server for runtime injection. ([source](https://www.sidekickdeploy.com/docs/design/secrets/)) - [Sops Tooling Integrations](https://awesome-repositories.com/f/security-cryptography/sops-tooling-integrations.md) — Encrypts and injects secrets at deploy time using SOPS and Age, keeping credentials off the server disk. - [Firewall Configurations](https://awesome-repositories.com/f/security-cryptography/firewall-configurations.md) — Sets up and manages firewall rules on the VPS to secure the deployed applications. ([source](https://www.sidekickdeploy.com/docs/ethos/vision/)) - [VPS Security Hardening](https://awesome-repositories.com/f/security-cryptography/network-security-hardening/vps-security-hardening.md) — Applies system-level security defaults and firewall rules during initial VPS setup to reduce the attack surface. ([source](https://www.sidekickdeploy.com/docs/design/)) - [SSH Private Key Authentications](https://awesome-repositories.com/f/security-cryptography/private-key-import-formats/ssh-private-key-authentications.md) — Detects default SSH keys and agent-loaded keys to log into the VPS, then disables root login for security. ([source](https://www.sidekickdeploy.com/docs/command/init/)) - [Root Login Disablers](https://awesome-repositories.com/f/security-cryptography/root-login-disablers.md) — Disables direct root login and password-based authentication, creating a dedicated user for all subsequent administrative commands. ([source](https://www.sidekickdeploy.com/docs/design/security/)) - [Secret Management](https://awesome-repositories.com/f/security-cryptography/secret-management.md) — Stores and injects sensitive values into containers without exposing them in configuration files or logs. ([source](https://www.sidekickdeploy.com/docs/design/)) - [SSL Certificate Managers](https://awesome-repositories.com/f/security-cryptography/ssl-certificate-managers.md) — Obtains and renews SSL certificates automatically for connected domains with no manual configuration required. ([source](https://www.sidekickdeploy.com/docs/introduction/what-is-sidekick/)) ### Software Engineering & Architecture - [Zero-Downtime Version Rollouts](https://awesome-repositories.com/f/software-engineering-architecture/configuration-versioning/deployment-versioners/zero-downtime-version-rollouts.md) — Builds a fresh Docker image locally, syncs updated environment variables, and rolls out the new version with zero traffic loss. ([source](https://www.sidekickdeploy.com/docs/command/deploy/)) ### Web Development - [Application Deployment](https://awesome-repositories.com/f/web-development/application-deployment.md) — Sends the project's Docker image to a provisioned server and starts it with zero-downtime. ([source](https://www.sidekickdeploy.com/docs/command/)) - [Preview Deployments](https://awesome-repositories.com/f/web-development/application-deployment/preview-deployments.md) — Creates ephemeral preview environments tied to git commits for testing before production promotion. ([source](https://www.sidekickdeploy.com/docs/command/)) - [Traffic Routing](https://awesome-repositories.com/f/web-development/traffic-routing.md) — Routes incoming requests to the correct container based on domain rules with automatic TLS termination. ([source](https://www.sidekickdeploy.com/docs/command/launch/)) ### Operating Systems & Systems Programming - [Database Instance Provisioning](https://awesome-repositories.com/f/operating-systems-systems-programming/terminal-command-line-environments/shells-scripting/provisioning-scripts/database-instance-provisioning.md) — Creates and configures a database instance on the VPS with a single command, ready for application use. ([source](https://www.sidekickdeploy.com/docs/ethos/vision/)) ### System Administration & Monitoring - [Multi-Server Orchestration](https://awesome-repositories.com/f/system-administration-monitoring/administrative-operations/service-and-infrastructure-management/database-server-management/multi-server-orchestration.md) — Manages deployments and infrastructure across multiple VPS instances from a single CLI control point.