v1.1.0 Released

Keep your infrastructure
up to date

QuietKeep is a self-hosted web dashboard for managing Linux system patches and Docker stack updates across all your hosts. Connects over SSH. No agents required on any managed host.

Star on GitHub
QuietKeep dashboard showing host overview with patch status
4+
Supported Linux Distros
SSH
Only Transport Needed
0
Agents on Managed Hosts
AGPL
Open Source License
What It Does

Everything in one dashboard

QuietKeep handles patch management and Docker stack maintenance across your entire fleet from a single interface.

System Patch Management

Scan hosts for available updates, apply security patches with one click, and track full patch history with log output per host. Detects when a reboot is needed after kernel updates.

Docker Stack Management

Automatically discovers Docker Compose stacks on any host, detects when newer container images are available, and updates stacks with one click. Full update logs and release note links included.

Fleet Overview Dashboard

At-a-glance status for all hosts and stacks in one view. Clickable filter cards let you drill into hosts that need updates, are pending a reboot, or have available Docker image updates.

Multi-Distro Support

Supports Debian, Ubuntu, Kali Linux, Arch, CachyOS, and Proxmox VE. QuietKeep runs the right package manager commands for each host automatically.

Light, Dark, and System Themes

Full theme support built in. Choose light, dark, or follow the system preference. Theme is stored per-user and applied immediately without a page reload.

Threat Intel Dashboard

Built-in CISA Known Exploited Vulnerabilities (KEV) catalog. Filter by vendor, threat actor, or time range. Tracks ransomware-linked CVEs so you know which vulnerabilities matter most.

First-Run Wizard

A guided setup wizard with pre-flight system checks walks you through initial configuration. SSH settings, scan intervals, and theme preferences are all managed from the built-in settings page.

Authentication and 2FA

Single-user login with bcrypt-hashed passwords and JWT session tokens. Optional TOTP two-factor authentication via any standard authenticator app. Password reset requires server access, not email.

Fleet Diagnostics

Sortable table showing OS name, kernel version, uptime, reboot status, and sudoers configuration for every host. Spot outdated kernels, long-running hosts, or missing sudo rules at a glance.

Screenshots

See it in action

Screenshots from a live homelab environment running QuietKeep v1.1.0.

QuietKeep login page with username and password authentication
Single-user login with optional TOTP two-factor authentication.
QuietKeep home dashboard with host status overview
Home dashboard with host status, tags sidebar, recent activity feed, and clickable metric tiles.
QuietKeep system patches view showing available updates per host
System patches view with tag filters, host count badges, bulk Patch All, and patch history export.
QuietKeep Docker stacks view showing discovered stacks and available image updates
Docker stacks view showing auto-discovered Compose stacks and available image updates with one-click stack updates.
QuietKeep Diagnostics page with fleet-wide system health table
Fleet-wide diagnostics with sortable columns for OS, kernel, uptime, disk usage, reboot status, and sudoers.
QuietKeep Threat Intel dashboard showing CISA KEV catalog with vendor and threat actor filters
Threat Intel dashboard with CISA KEV catalog, vendor and threat actor filtering, and ransomware-linked CVE tracking.
QuietKeep settings page showing security settings with 2FA enabled
Settings page with tag management, security, SSH configuration, and theme preferences.
QuietKeep About page showing version 1.1.0 and AGPL-3.0 license
About page showing version, license, and project links.
How It Works

SSH in, nothing left behind

QuietKeep runs on one host and connects to the rest of your infrastructure over SSH. It runs standard OS and Docker commands remotely. Nothing is installed on the managed hosts.

Runs on one server
Deploy QuietKeep once on any Linux host. FastAPI backend, React frontend, SQLite database. No external services needed.
Connects over SSH
Uses key-based SSH authentication to reach managed hosts. asyncssh handles all connections asynchronously so the UI stays responsive during scans.
No agents on managed hosts
Managed hosts need SSH access with key-based auth and passwordless sudo for package commands. That is all. Nothing else is installed.
QuietKeep Server Managed Hosts +----------------------+--+-->+----------------------+ | React Frontend | | | apt / pacman | | FastAPI Backend | | | docker compose | | SQLite Database | | | No agents needed | | APScheduler (scans) | | +----------------------+ +----------------------+ | +----------------------+ +-->| pacman | | docker compose | | No agents needed | +----------------------+
Tech Stack

Built on proven open source tools

No proprietary runtimes or vendor lock-in. Every dependency is a well-maintained open source project.

Backend
Python
3.12
API
FastAPI
0.135.3
Frontend
React
19.2.4
Styling
Tailwind CSS
4.2.2
Build
Vite
8.0.4
SSH
asyncssh
2.22.0
Database
SQLite + SQLAlchemy
2.0.49
Scheduling
APScheduler
3.10.4
Project Status

v1.1.0 Released

All core features are shipped and running in production. QuietKeep is open source and available on GitHub.

Shipped in v1.1.0 11
Host tags for organizing hosts by role, location, or environment
Bulk Patch All hosts with per-host error surfacing
Recent activity feed with color-coded timeline
Patch history export (per-host CSV and fleet-wide Excel)
Disk usage monitoring with color-coded thresholds
Clickable metric tiles with pre-filtered navigation
Tag management in Settings with 10 preset colors
Tags card on Home linking to filtered Dashboard
Host count badges on filter tabs and active filter chips
Relative timestamps in activity feed
User Guide accessible from About and Help page
Shipped in v1.0.0 13
Multi-distro host management (apt, pacman, kali, proxmox)
One-click scanning and patching with full log capture
Docker stack discovery and one-click updates
Dashboard with filter cards, patch history, and reboot detection
Single-user authentication with JWT sessions
Optional TOTP two-factor authentication
Fleet-wide Diagnostics page (OS, kernel, uptime, sudoers)
First-run wizard with SSH key generation and key deployment
Threat Intel dashboard with CISA KEV catalog and ransomware tracking
Settings page with theme support and SSH configuration
Help page with searchable FAQ
Version detection and About page
Docker Compose deployment with auto-generated HTTPS
Planned 5
Email and webhook notifications for available updates
Selective patching (choose which packages to update)
Multi-user support with roles
Pre-built Docker images on GitHub Container Registry
Linux-aware CVE cross-reference (NVD API, Ubuntu/Debian trackers)
Requirements

What you need to run it

QuietKeep is lightweight. It runs comfortably on a small VM or any spare Linux box on your network.

QuietKeep server

Component Minimum Recommended
CPU 2 cores 4 cores
RAM 2 GB 4 GB
Disk 10 GB 20 GB+
Docker Docker Engine 24+ Docker Engine 27+
OS Ubuntu 22.04+ / Debian 12+ Ubuntu 24.04
Managed hosts
SSH access with key-based authentication enabled
Passwordless sudo configured for package manager commands
One of: apt (Debian/Ubuntu/Kali), pacman (Arch/CachyOS), or Proxmox VE package tools
Docker features require Docker Engine 20.10+ with the Compose v2 plugin
Nothing else is installed on managed hosts

Get started

QuietKeep is free, open source, and ready to deploy. Clone the repo and run a single Docker Compose command.

Star on GitHub
References
Python FastAPI React Tailwind CSS Vite asyncssh SQLAlchemy APScheduler SQLite Lucide React Uvicorn