Secure, automated deployments for resource-constrained and edge environments. Features Docker Compose orchestration, AI model management, and compliance enforcement in a single, minimal-footprint agent.
Everything you need for modern, remote Docker deployments — from GitOps automation to AI model fleet management.
Repository polling, webhook triggers, and multi-branch deployments across environments. Features secure authentication, application auto-discovery, and a lifecycle event system for orchestration.
Orchestration with environment-specific profile activation and variable injection. Supports rolling, blue-green, and canary deployment strategies with direct Docker API communication and health checks.
Automated deployment of AI models across device fleets via Docker Model Runner. Supports llama.cpp and vLLM inference engines with OpenAI-compatible APIs, health monitoring, and resource management.
Optimized for constrained networks. Features offline mode for graceful outage handling, multi-site synchronization, and token-bucket bandwidth control to manage resource utilization.
Automatic update checking with Ed25519 signature verification for binary authenticity. Includes health-check based automatic rollback, zero-downtime binary replacement, and update history tracking.
Native Prometheus metrics endpoint, Loki log streaming integration, and OpenTelemetry tracing support. Monitor deployments, container health, and agent performance in real time.
Version-tracked configurations with a built-in diff engine, rollback validator, and Git sync. Fleet-wide templates let you push consistent settings to every device at once.
Priority queue for Docker image pre-pulls with bandwidth control and automatic cache cleanup. Ensures containers are ready before deployment windows open, minimizing downtime.
Schedule deployments with cron expressions. Define recurring maintenance windows, one-time overrides, and black-out periods to deploy on your terms — not on every push.
Six-phase security architecture and eight compliance frameworks — hardened from the ground up.
All credentials and secrets encrypted at rest. Credential health monitoring with rotation alerts and expiration tracking.
Enterprise single sign-on with PKCE flow, JWKS caching, RS256 verification, silent token renewal, and automatic user provisioning.
Hub deploys with HSTS (1-year), secure cookies, and SSL redirect out of the box. Agent-to-Hub communication secured with mTLS.
Tamper-proof audit trail with Ed25519-signed log entries. Complete deployment history for forensic and compliance review.
Container vulnerability scanning with CycloneDX and SPDX SBOM generation. Dedicated SBOM Dashboard in the Hub for supply-chain visibility.
Token-bucket rate limiting, CORS policies, comprehensive input validation, and bearer-token API protection across all endpoints.
A typical GitOps deployment flow — from git push to running services, with centralized Hub oversight.
Push triggers change
Poll / webhook detect
Strategy & health checks
Your applications, live
Fleet dashboard, config, AI models, compliance
Built with Rust — zero production panics, 11 domain error enums, intelligent retry logic.
Centralized fleet management and monitoring. Powered by Django with a React frontend, the Hub gives you a single pane of glass for every device in your fleet.
Live fleet overview, deployment history & analytics
Pull, deploy & monitor models across devices
8-framework reports, SBOM dashboard & PDF export
Version-tracked config, release publish pipeline
Up and running in minutes.
Also available via Homebrew and as a Proxmox LXC deployment with dual GHCR/source install modes.
Install MicroCD with the one-line installer or from source.
Generate a configuration file:
microcd --generate-config microcd.yaml
Point it at your Git repo and run:
microcd --config microcd.yaml
Access the local web dashboard:
http://localhost:8080
Scale with confidence from a handful of devices to a global fleet.
Organization-isolated tenants with role-based access control via Zitadel. Admin UI for user and team management.
Generate compliance reports for SOX, GDPR, HIPAA, PCI DSS, NIST CSF, ISO 27001, NIS2, and the EU Cyber Resilience Act. Export to PDF.
Production-hardened SSO with PKCE, JWKS caching, RS256 verification, silent token renewal, and runtime config injection.
79 integration points in the deployment pipeline for pre/post deploy scripts, notifications, and custom automation.
Execute commands inside running containers with Bollard stream multiplexing. Capture real stdout, stderr, and exit codes.
Complete publish command with multipart registry upload. Supports update channels, Ed25519 signing, and the full release lifecycle.
From cloud VMs to Proxmox LXC containers — MicroCD fits your infrastructure.