Screenshots
See it in action
A modern, intuitive interface designed for productivity.
Warning: May cause sudden urges to containerize everything.
A powerful, intuitive Docker platform. Free for homelabs, ready for enterprise.
We think you'll like it here.
SQLite by default, runs on a Raspberry Pi, zero telemetry, free forever. Self-host everything without the complexity.
OIDC/SSO included free, container activity logging, Git-based deployments, premium support. Everything your team needs without the enterprise price tag.
RBAC, LDAP/AD integration, compliance-grade audit logging, and priority support. Everything you need to satisfy compliance requirements.
One command. No config files. No setup wizards, no 47-page README.
docker run -d \
--name dockhand \
--restart unless-stopped \
-p 3000:3000 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v dockhand_data:/app/data \
fnsys/dockhand:latestThen open http://localhost:3000. Or put it behind Traefik, Nginx, Caddy, a Kubernetes ingress, three load balancers, and a VPN tunnel. We don't judge.
Prefer Docker Compose?
services:
dockhand:
image: fnsys/dockhand:latest
container_name: dockhand
restart: unless-stopped
ports:
- 3000:3000
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- dockhand_data:/app/data
volumes:
dockhand_data:Need PostgreSQL?
services:
postgres:
image: postgres:16-alpine
restart: unless-stopped
environment:
POSTGRES_USER: dockhand
POSTGRES_PASSWORD: changeme
POSTGRES_DB: dockhand
volumes:
- postgres_data:/var/lib/postgresql/data
dockhand:
image: fnsys/dockhand:latest
ports:
- 3000:3000
environment:
DATABASE_URL: postgres://dockhand:changeme@postgres:5432/dockhand
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- dockhand_data:/app/data
depends_on:
- postgres
restart: unless-stopped
volumes:
postgres_data:
dockhand_data:From simple container operations to complex multi-environment deployments.
Even that one container you forgot about three months ago.
Authentication is free. RBAC is enterprise. No calculator required.
| Feature | Free | SMB | Enterprise |
|---|---|---|---|
| Unlimited environments | ✓ | ✓ | ✓ |
| Container & stack management | ✓ | ✓ | ✓ |
| Git repository integration | ✓ | ✓ | ✓ |
| Vulnerability scanning | ✓ | ✓ | ✓ |
| Local user accounts | ✓ | ✓ | ✓ |
| OIDC/SSO | ✓ | ✓ | ✓ |
| Multi-factor authentication | ✓ | ✓ | ✓ |
| Container activity log | ✓ | ✓ | ✓ |
| Commercial usage license | — | ✓ | ✓ |
| Premium support | — | ✓ | ✓ |
| Priority bug fixes | — | ✓ | ✓ |
| LDAP/Active Directory | — | — | ✓ |
| Role-based access control | — | — | ✓ |
| Environment-scoped permissions | — | — | ✓ |
| Audit logging (compliance) | — | — | ✓ |
| Price | $0 forever | $499/host/year | $1,499/host/year |
| Buy me a coffee |
Host = one machine running Dockhand. Volume discounts available for 5+ hosts.
No cloud dependencies, no telemetry, no data leaving your network. Solid base.
Paranoid? We prefer "security-conscious."
Dockhand runs entirely on your infrastructure. No SaaS, no cloud dependency, no vendor lock-in. Your data never touches our servers.
We don't phone home. No usage tracking, no analytics, no mysterious background connections. Your Docker environment stays private.
SQLite by default, optional PostgreSQL for HA. No Redis, no message queues. Simple deployment, minimal attack surface.
Scan your images for CVEs using Grype and Trivy. Identify security risks before deployment.
Safe-pull protection: During auto-updates, new images are pulled to a temporary tag and scanned before touching your running containers. If vulnerabilities exceed your criteria, the temp image is deleted and your container keeps running safely.
We don't trust pre-built base images. Dockhand builds its own OS layer from scratch using Wolfi packages via apko. Every package is explicitly declared in our Dockerfile - full transparency, zero mystery meat.
While others ship Alpine with 10+ CVEs, we obsess over our own image security. Because a Docker management tool with vulnerabilities is like a locksmith with a broken door. We scan ourselves too.
Our open-source Go agent lets you manage Docker hosts behind NAT, firewalls, or dynamic IPs. The agent initiates outbound connections to Dockhand - no exposed ports, no inbound firewall rules needed.
A modern, intuitive interface designed for productivity.
Warning: May cause sudden urges to containerize everything.
See what our users are saying.
"After trying Dockhand in my lab and comparing features toe to toe with other tools I am currently using, I can honestly say it is one of the best that I have used. It is extremely easy to use, intuitive, and it puts docker management tool security in focus where it should be."
"Perfect for my homelab. It's lightweight, actively maintained, and has all the features I need. Love the terminal access and real-time log streaming!"
"The LDAP integration was a game-changer for our team. Set it up in 10 minutes and now all our developers have proper access control."
"Dockhand wants to be a Portainer replacement, and it might already be there."
"Dockhand is bursting onto the scene with impressive force, bringing a breath of truly fresh air to a world that, let's be honest, had started to feel a bit stagnant."
"Dockhand is incredibly handy to have around."
"The easiest way I've found to manage and update Docker containers."
Free forever. No, really. No bait-and-switch.
Like it? Fuel the dev with caffeine.
For commercial use. Growing teams, happy CFOs.
When compliance asks "is it enterprise-ready?" and you want to say yes.
The full list also included equally weak choices like , monkey , sunshine , princess , azerty , and 000000 .
In April 2013, OldGropers.com was still a relatively popular platform, with a dedicated user base. The site allowed users to create accounts, which included a username and password, in order to access exclusive content and engage with other members. However, at the time, password security was not as robust as it is today. Many users opted for weak and easily guessable passwords, which put their accounts at risk of being compromised.
# Simplified example to illustrate the core logic of a credential stuffing attack. import requests
If you are looking for this data because you are concerned about your own past security, there are safer ways to check your exposure: Identity Monitoring: Use reputable services to see if your email was in a leak. Password Managers:
If you are concerned that your own information from that era was compromised, tools like the Have I Been Pwned database allow you to check if your email was part of the Adobe, Yahoo, or other historical breaches.
This specifies a exact timestamp. In the context of data dumps, this usually signifies the exact month and year a specific database leak, forum scrape, or configuration change occurred.
In conclusion, prioritizing password security and best practices is essential in protecting your online identity. By creating strong, unique passwords, using a password manager, and enabling 2FA, you can significantly reduce the risk of your accounts being compromised. Stay safe online by following these helpful tips and staying informed about the latest online security threats.
Yes, plain text – meaning anyone who obtained the data could read every single password directly, without any need for cracking or decryption.
OldGropers.com eventually shut down in 2014, due to a combination of factors, including the data breach and increased pressure from law enforcement. The site's demise was a significant blow to the online community, and it highlighted the need for sites to prioritize user data and implement robust security measures.
In the world of account sharing, "freshness" was everything. A login that worked in March was likely banned by April. When people appended a month and year to their search, they were performing a digital "carbon dating." They didn't just want any access; they wanted the "better" version—the one that hadn't been flagged or changed yet. 3. The "Better" Hunt
Get started in 30 seconds. No credit card required.
Finally, a UI that sparks joy.
The full list also included equally weak choices like , monkey , sunshine , princess , azerty , and 000000 .
In April 2013, OldGropers.com was still a relatively popular platform, with a dedicated user base. The site allowed users to create accounts, which included a username and password, in order to access exclusive content and engage with other members. However, at the time, password security was not as robust as it is today. Many users opted for weak and easily guessable passwords, which put their accounts at risk of being compromised.
# Simplified example to illustrate the core logic of a credential stuffing attack. import requests
If you are looking for this data because you are concerned about your own past security, there are safer ways to check your exposure: Identity Monitoring: Use reputable services to see if your email was in a leak. Password Managers:
If you are concerned that your own information from that era was compromised, tools like the Have I Been Pwned database allow you to check if your email was part of the Adobe, Yahoo, or other historical breaches.
This specifies a exact timestamp. In the context of data dumps, this usually signifies the exact month and year a specific database leak, forum scrape, or configuration change occurred.
In conclusion, prioritizing password security and best practices is essential in protecting your online identity. By creating strong, unique passwords, using a password manager, and enabling 2FA, you can significantly reduce the risk of your accounts being compromised. Stay safe online by following these helpful tips and staying informed about the latest online security threats.
Yes, plain text – meaning anyone who obtained the data could read every single password directly, without any need for cracking or decryption.
OldGropers.com eventually shut down in 2014, due to a combination of factors, including the data breach and increased pressure from law enforcement. The site's demise was a significant blow to the online community, and it highlighted the need for sites to prioritize user data and implement robust security measures.
In the world of account sharing, "freshness" was everything. A login that worked in March was likely banned by April. When people appended a month and year to their search, they were performing a digital "carbon dating." They didn't just want any access; they wanted the "better" version—the one that hadn't been flagged or changed yet. 3. The "Better" Hunt