QuietKeep: Self-Hosted Patch Management and Docker Updates Over SSH

Development & Code
, , , ,
1

Manage Linux patches and Docker stack updates across your entire fleet from one dashboard. No agents required.

I built QuietKeep because I got tired of SSH-ing into 18 hosts one at a time to run updates. Every patch Tuesday was the same routine: connect, apt update, check what needs upgrading, apply it, check if a reboot is needed, move to the next box. Multiply that by Docker stacks on half of them and it becomes a full afternoon.

So I built a tool that does it from one screen.

What QuietKeep Does

QuietKeep is a self-hosted web dashboard that connects to your Linux hosts over SSH and handles two things:

System Patching

  • Scan all hosts for available package updates
  • Apply security patches with one click
  • Track patch history per host with full log output
  • Detect when a reboot is needed after kernel updates
  • Supports Debian, Ubuntu, Kali, Arch, CachyOS, and Proxmox VE

QuietWire-QuietKeep-System-Patches

Docker Stack Management

  • Discover Docker Compose stacks automatically on any host
  • Detect when container images have newer versions available
  • Update stacks with one click
  • View update history with full logs and release note links

QuietWire-QuietKeep-Docker-Stacks

How It Works

QuietKeep runs on one host and connects to the rest over SSH using key based auth. It runs standard system commands (apt, pacman, docker compose) remotely. Nothing gets installed on the managed hosts.

Other Features

  • Threat Intelligence Built-in CISA KEV catalog. Filter by vendor, threat actor, or time range. Tracks ransomware linked CVEs.
  • Host Tags Organize hosts by role, location, or environment with colored labels and filtering.
  • Bulk Patching Patch all hosts at once with per-host error surfacing.
  • Fleet Diagnostics Sortable table showing OS, kernel version, uptime, reboot status, disk usage, and sudoers config.
  • Patch History Export Per-host CSV or fleet-wide Excel with per-host tabs.
  • Activity Feed Color coded timeline of scans, patches, reboots, and Docker updates.
  • Security Single user auth with bcrypt passwords, JWT sessions, and optional TOTP 2FA.
  • First Run Wizard Walks you through SSH key generation, host import, key deployment, and pre-flight checks.
  • Light/Dark/System Themes Stored per user, applied instantly.

Getting Started

git clone https://github.com/QuietWireDev/QuietKeep.git ~/quietkeep
cd ~/quietkeep
docker compose up -d --build

Open https://YOUR_SERVER_IP in your browser. The first run wizard handles the rest.

For a full walkthrough including Docker installation, firewall setup, and reverse proxy configuration, see the User Guide.

Requirements

QuietKeep Server Managed Hosts
Docker Engine 20.10+ with Compose v2 SSH access with key based auth
1 CPU, 1GB RAM, 2GB disk Passwordless sudo for package commands
Any Linux distro Docker Engine 20.10+ (for Docker features)

Links

QuietKeep is open source under AGPLv3. Built by QuietWire.

Published May 10, 2026 at 4:45 PM EST