Sidekick is a command-line tool that provisions bare VPS servers, transfers Docker images, manages secrets, and orchestrates zero-downtime deployments across single or multiple server instances. It handles the full deployment pipeline from a local machine, building container images locally and transferring them directly to the server without requiring a remote container registry.
The tool distinguishes itself through an integrated approach to security and automation. It encrypts environment variables locally using SOPS and Age keys, then decrypts them on the server at deploy time for runtime injection, keeping credentials off disk. Deployments use health checks to switch traffic to new containers only after they pass, ensuring no requests are dropped during updates. A single command provisions a bare VPS with Docker, Traefik, and security hardening, including disabling root login and configuring firewalls. The system also supports preview environments tied to git commits, accessible on unique subdomains for testing before production promotion.
Beyond core deployment, Sidekick includes an interactive configuration wizard that walks through setup, database provisioning on the remote server, live container log streaming from the VPS to the local terminal, and Prometheus metrics exposure through the reverse proxy. It can trigger automatic redeployment when a new Docker image is pushed to a registry, and manages traffic routing across multiple applications on a single VPS with automatic TLS certificate generation and renewal.
