DEV.co
Open-Source DevOps · MightyMoud

sidekick

Sidekick is a CLI tool that automates VPS setup and application deployment, enabling bare-metal servers to run production workloads with features like zero-downtime deploys, SSL certificates, and environment secret management. It targets developers who want Fly.io-like experience on affordable self-hosted infrastructure.

Source: GitHub — github.com/MightyMoud/sidekick
7.5k
GitHub stars
162
Forks
Go
Primary language
GPL-3.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryMightyMoud/sidekick
OwnerMightyMoud
Primary languageGo
LicenseGPL-3.0 — OSI-approved
Stars7.5k
Forks162
Open issues17
Latest releasev0.6.6 (2024-10-24)
Last updated2026-02-03
Sourcehttps://github.com/MightyMoud/sidekick

What sidekick is

Go-based CLI that orchestrates Docker, Traefik, SOPS, and age to provide infrastructure-as-code for single or multi-app VPS deployments. Handles container image transport, encrypted secret injection, load balancing, and rolling updates via Docker Compose.

Quickstart

Get the sidekick source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/MightyMoud/sidekick.gitcd sidekick# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Self-hosted side project deployment

Streamlines deployment of personal or small-team applications to affordable VPS instances ($8–$20/month) with production-grade features (SSL, zero downtime) without vendor lock-in.

Multi-application VPS consolidation

Allows multiple Dockerized applications to coexist on one VPS with isolated environments, domain routing via Traefik, and independent deployment cycles managed by a single CLI.

Development team avoiding PaaS overhead

Teams seeking direct infrastructure control while avoiding Kubernetes complexity can use Sidekick for rapid iteration: preview environments, zero-downtime deploys, and encrypted secret storage.

Implementation considerations

  • VPS must run Ubuntu LTS with public IP and SSH key access; other Linux distributions not mentioned as supported.
  • Brew dependency on local machine for installing SOPS limits cross-platform portability (macOS/Linux primary; Windows requires WSL).
  • SSL cert setup via Let's Encrypt requires email and valid domain or reliance on sslip.io for testing; certificate renewal automation not explicitly documented.
  • Encrypted .env files use age+SOPS; key rotation, secret versioning, and multi-user access policies are not documented.
  • Preview environments attach to git commit hashes; requires clean git tree and may complicate CI/CD pipelines if not carefully integrated.

When to avoid it — and what to weigh

  • Requires managed database services — Sidekick does not provide out-of-the-box managed databases (PostgreSQL, MySQL); roadmap indicates this is planned but not yet available. Workarounds require manual setup or external services.
  • Need multi-region or HA across VPS instances — Single-VPS focus means geographic distribution, cross-region failover, and multi-datacenter orchestration are not supported. Roadmap mentions 'managing multiple VPSs' but not yet implemented.
  • Enterprise compliance or audit requirements — GPL-3.0 license implies source-code sharing obligations; no clear SOC 2, HIPAA, or PCI-DSS compliance documentation. Requires legal review for regulated workloads.
  • Complex microservices or Kubernetes equivalence — Sidekick is optimized for simple container deployments; complex orchestration, service meshes, or advanced networking policies require manual Docker Compose or move to Kubernetes.

License & commercial use

Licensed under GPL-3.0 (GNU General Public License v3.0). This is a copyleft open-source license requiring that any derivative work or distribution includes source code and remains under the same license.

GPL-3.0 permits commercial use, but imposes strict copyleft obligations: if you modify Sidekick or distribute it (including as part of a service), you must disclose source code and license derivative works under GPL-3.0. If you only use Sidekick as a tool (CLI) without modification or distribution, commercial use is permitted. Requires legal review before embedding in proprietary products or SaaS offerings.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Sidekick automates several hardening steps: disables root login, creates unprivileged sidekick user, installs age+SOPS for secret encryption at rest. However: (1) SSH key security depends on local machine hygiene; (2) secret key material (age private keys) stored on VPS filesystem—review key storage, access controls, and backup practices; (3) TLS cert renewal automation not explicitly documented; (4) no network firewall setup yet (roadmapped); (5) Docker and Traefik security posture depend on image provenance and upstream updates; (6) encrypted .env files provide some protection, but threat model against insider access or VPS compromise not addressed.

Alternatives to consider

Fly.io

Managed PaaS with multi-region deployment, built-in databases, and global load balancing; no VPS management overhead but higher cost and vendor lock-in.

Kamal (by Basecamp)

Docker-based deployment tool with zero-downtime updates and accessory services (databases); requires more manual infrastructure setup but lighter-weight than Kubernetes.

Dokku

Heroku-like platform-as-a-service on your own server; simpler for Git-based deployments and Procfile-driven apps, but less flexible for complex Docker workflows.

Software development agency

Build on sidekick with DEV.co software developers

Sidekick automates VPS setup and container deployment. Review the source code, test with preview environments, and assess GPL-3.0 licensing implications for your use case.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

sidekick FAQ

Can I deploy non-Dockerized applications?
Sidekick requires a valid Dockerfile; legacy apps without containerization must be Dockerized first. Roadmap mentions Docker Compose file support for more complex deployments.
Does Sidekick manage databases?
Not yet. Databases are roadmapped but not implemented. You must manage them manually or use external services (e.g., Managed PostgreSQL on DigitalOcean).
What if I lose my age encryption key?
Not documented. Losing the age private key may lock access to encrypted secrets. Backup and key rotation procedures should be established before production use; contact maintainer or review source code.
Is there a web UI or monitoring dashboard?
No. A TUI for monitoring is roadmapped but not shipped. Monitoring and logs are available via manual SSH/Docker CLI access or external monitoring tools.

Custom software development services

DEV.co helps companies turn open-source tools like sidekick into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source devops stack.

Ready to self-host without complexity?

Sidekick automates VPS setup and container deployment. Review the source code, test with preview environments, and assess GPL-3.0 licensing implications for your use case.