proof, not logos

We're pre-launch. So here's the proof.

HostSSH hasn't shipped a public release yet, so we won't parade fake customer logos at you. What we can show is harder to fake: a real engine that already captures and restores entire servers, run against our own production fleet before it ever runs yours.

the round-trip

One command. A whole box. Every row accounted for.

The HostSSH engine performed a real capture → R2 → restore round-trip across a live fleet: a complete data box snapshotted into one encrypted image and rebuilt onto a fresh server, every database verified to the row. These numbers come from that drill — not a deck.

The same capture, backup and relocate paths now run on a schedule. The proof is the product.

14/14

databases restored

100%

row-count match

layers captured

command

case study · fleet clone

A live data box, cloned onto a fresh server — .211 → .223

Our reference drill captures the full machine across six layers — the Coolify brain and its APP_KEY, every application database, volumes, system config, sidecars, and a manifest — into a single encrypted restic snapshot in Cloudflare R2.

That snapshot was then restored onto a brand-new box with an IP-rewrite pass, and all 14 databases came back with matching row counts. The capture scripts are kept as the integration-test oracle: the Go port must produce byte-equivalent restores on the same fixtures.

Six layers captured into one encrypted image
Point-in-time consistency via a pause-deploys hook
IP-rewrite as a first-class, audited restore pass
WireGuard off by default on restore — a safety invariant

capabilities · validated

The hard parts are already built and proven

The platform isn't a wireframe with a waitlist. The pieces customers actually depend on for trust are implemented and exercised on our own fleet today.

ed25519-signed license tokens verified offline by the agent — no phone-home to unlock day-to-day features
One-time, scoped transfer keys for moving a workload, instead of handing over standing credentials
Boot-time, forward-only schema migrations with a least-privilege migrator role and a self-explaining ownership error
Encrypted before it ever leaves the source host — every image is sealed at the source; the storage model is bring-your-own bucket (R2/S3/B2), so your data stays in custody you control
Emergency restore even on an expired license — your ability to get your data back is never revocable

why trust us

Dogfooded on a real production fleet

HostSSH is built by Sevak Girard at Girard Media. The engine began life as our own internal fleet scripts and still runs our production servers — the deploy, backup, clone and relocate paths run our real infrastructure before they run yours.

Coolify deploys your apps; HostSSH runs your server— and makes the whole thing portable, restorable, and impossible to hold hostage. We'd rather earn that reputation on verifiable engineering than borrow it from a wall of logos we haven't earned yet.

Built from battle-tested fleet automation, not a fresh prototype
Every consequential action written to an append-only audit log
Portable images you can restore yourself — your data, your bucket, your exit

built on proven infrastructure

Standing on technology you already trust.

HostSSH doesn't reinvent the foundations — it builds on the same battle-tested infrastructure that runs the modern web, and stays compatible with the storage you already own.

Cloudflare R2object storage

PostgreSQLmanaged databases

resticencrypted snapshots

WireGuardprivate mesh

Dockerapp + sidecar capture

Let's EncryptTLS

S3 · B2 · MinIObring-your-own bucket

ed25519signed licensing

early access

See the proof become your default.

HostSSH is in private build on a real production fleet. Get on the early-access list and put your servers somewhere they can be captured, restored and relocated in one command — and never held hostage.

Request early access →Read the security model