In Development

Keep your infrastructure
up to date

QuietKeep is a self-hosted web dashboard for managing Linux system patches and Docker stack updates across all your hosts. Connects over SSH. No agents required on any managed host.

Star on GitHub

QuietKeep dashboard showing host overview with patch status

Supported Linux Distros

SSH

Only Transport Needed

Agents on Managed Hosts

AGPL

Open Source License

What It Does

Everything in one dashboard

QuietKeep handles patch management and Docker stack maintenance across your entire fleet from a single interface.

System Patch Management

Scan hosts for available updates, apply security patches with one click, and track full patch history with log output per host. Detects when a reboot is needed after kernel updates.

Docker Stack Management

Automatically discovers Docker Compose stacks on any host, detects when newer container images are available, and updates stacks with one click. Full update logs and release note links included.

Fleet Overview Dashboard

At-a-glance status for all hosts and stacks in one view. Clickable filter cards let you drill into hosts that need updates, are pending a reboot, or have available Docker image updates.

Multi-Distro Support

Supports Debian, Ubuntu, Kali Linux, Arch, CachyOS, and Proxmox VE. QuietKeep runs the right package manager commands for each host automatically.

Light, Dark, and System Themes

Full theme support built in. Choose light, dark, or follow the system preference. Theme is stored per-user and applied immediately without a page reload.

Threat Intel Dashboard

Built-in CISA Known Exploited Vulnerabilities (KEV) catalog. Filter by vendor, threat actor, or time range. Tracks ransomware-linked CVEs so you know which vulnerabilities matter most.

First-Run Wizard

A guided setup wizard with pre-flight system checks walks you through initial configuration. SSH settings, scan intervals, and theme preferences are all managed from the built-in settings page.

Screenshots

See it in action

These screenshots are from a live homelab environment running QuietKeep in active development.

QuietKeep home dashboard with host status overview

Home dashboard showing all managed hosts and their current patch and Docker status at a glance.

QuietKeep system patches view showing available updates per host

System patches view showing available updates per host with one-click patching and full log output.

QuietKeep Docker stacks view showing discovered stacks and available image updates

Docker stacks view showing auto-discovered Compose stacks and available image updates with one-click stack updates.

QuietKeep Threat Intel dashboard showing CISA KEV catalog with vendor and threat actor filters

Threat Intel dashboard with CISA KEV catalog, vendor and threat actor filtering, and ransomware-linked CVE tracking.

QuietKeep settings page for SSH configuration and scan intervals

Settings page for SSH configuration, scan intervals, and theme preferences.

How It Works

SSH in, nothing left behind

QuietKeep runs on one host and connects to the rest of your infrastructure over SSH. It runs standard OS and Docker commands remotely. Nothing is installed on the managed hosts.

Runs on one server

Deploy QuietKeep once on any Linux host. FastAPI backend, React frontend, SQLite database. No external services needed.

Connects over SSH

Uses key-based SSH authentication to reach managed hosts. asyncssh handles all connections asynchronously so the UI stays responsive during scans.

No agents on managed hosts

Managed hosts need SSH access with key-based auth and passwordless sudo for package commands. That is all. Nothing else is installed.

Tech Stack

Built on proven open source tools

No proprietary runtimes or vendor lock-in. Every dependency is a well-maintained open source project.

Backend

Python

3.12

API

FastAPI

0.135.3

Frontend

React

19.2.4

Styling

Tailwind CSS

4.2.2

Build

Vite

8.0.4

SSH

asyncssh

2.22.0

Database

SQLite + SQLAlchemy

2.0.49

Scheduling

APScheduler

3.10.4

Project Status

Active development

Core features are complete and running in a real homelab environment. The project is being prepared for its first public release.

Completed 9

Multi-distro host management (apt, pacman, kali, proxmox)

One-click scanning and patching with full log capture

Docker stack discovery and one-click updates

Dashboard with filter cards, patch history, and reboot detection

Settings page with theme support and SSH configuration

First-run wizard with pre-flight system checks

Help page with searchable FAQ and bug reporting

Threat Intel dashboard with CISA KEV catalog and ransomware tracking

Docker Compose deployment with auto-detected IP and SSH key management via web UI

In Progress 1

Authentication (single-user login)

Planned 4

Email and webhook notifications for available updates

Selective patching (choose which packages to update)

Host groups and bulk operations

Multi-user support with roles

Requirements

What you need to run it

QuietKeep is lightweight. It runs comfortably on a small VM or any spare Linux box on your network.

QuietKeep server

Component	Minimum	Recommended
CPU	2 cores	4 cores
RAM	2 GB	4 GB
Disk	10 GB	20 GB+
Docker	Docker Engine 24+	Docker Engine 27+
OS	Ubuntu 22.04+ / Debian 12+	Ubuntu 24.04

Managed hosts

SSH access with key-based authentication enabled

Passwordless sudo configured for package manager commands

One of: apt (Debian/Ubuntu/Kali), pacman (Arch/CachyOS), or Proxmox VE package tools

Docker features require Docker Engine 20.10+ with the Compose v2 plugin

Nothing else is installed on managed hosts

Follow the build

QuietKeep is being developed in public. Star the repo on GitHub to get notified when the first release is ready.