Kamal

Zero-downtime container deployment tool using SSH and Docker — no Kubernetes required. Kamal (formerly MRSK) deploys Docker containers to bare metal or VMs via SSH with blue/green deployments, rolling updates, load balancer integration (Traefik), and remote exec capabilities. Created by Basecamp/37signals as an alternative to Heroku without cloud PaaS pricing. YAML-based deployment config checked into git. CLI for deployment management with programmatic access via Ruby API.

Evaluated Mar 06, 2026 (0d ago) v2.x
Homepage ↗ Repo ↗ Developer Tools deployment docker ssh rails kamal basecamp zero-downtime open-source ruby
⚙ Agent Friendliness
63
/ 100
Can an agent use this?
🔒 Security
80
/ 100
Is it safe for agents?
⚡ Reliability
76
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
--
Documentation
82
Error Messages
78
Auth Simplicity
88
Rate Limits
92

🔒 Security

TLS Enforcement
90
Auth Strength
80
Scope Granularity
70
Dep. Hygiene
82
Secret Handling
80

MIT open source for auditability. SSH key-based auth to servers. TLS via Traefik with Let's Encrypt. Registry credentials via environment secrets. Secrets management is application responsibility — use Vault or encrypted env files. SSH agent forwarding should be disabled for security.

⚡ Reliability

Uptime/SLA
75
Version Stability
80
Breaking Changes
72
Error Recovery
78
AF Security Reliability

Best When

You want to deploy Docker containers to your own servers with zero-downtime without the complexity of Kubernetes or the cost of Heroku/PaaS.

Avoid When

You're already using Kubernetes or a PaaS — Kamal solves the 'own your servers, deploy containers' problem specifically.

Use Cases

  • Deploy agent application containers to VMs or bare metal servers with zero-downtime blue/green deployments without Kubernetes complexity
  • Manage multi-service agent deployments (web, worker, queue) on a fleet of servers via Kamal's role-based configuration and SSH-based orchestration
  • Integrate agent deployment automation into CI/CD pipelines via `kamal deploy` CLI — GitHub Actions, GitLab CI, or other CI platforms run kamal deploy commands
  • Execute remote commands on agent server fleets via `kamal exec` for maintenance, migrations, and operational tasks without separate SSH tooling
  • Run self-hosted agent infrastructure on cheap VMs (Hetzner, DigitalOcean) with Kamal handling container lifecycle, load balancing, and SSL via Traefik

Not For

  • Kubernetes environments — Kamal is specifically designed for non-Kubernetes deployments; if you're on Kubernetes, use Argo CD, Flux, or Helm
  • Multi-cloud orchestration — Kamal manages server fleets via SSH; for multi-cloud, multi-region orchestration use Nomad, Kubernetes, or Spinnaker
  • Serverless or PaaS workloads — Kamal assumes you're managing servers; use Fly.io, Railway, or Cloud Run for fully managed container execution

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
No
SDK
No
Webhooks
No

Authentication

Methods: none
OAuth: No Scopes: No

Kamal authenticates to target servers via SSH keys configured in kamal.yml. No Kamal-specific auth. SSH key management is user responsibility. Container registry auth configured via secrets in kamal.yml.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

MIT open source, completely free. Infrastructure costs are server hosting (Hetzner, DigitalOcean, AWS EC2, etc.). Kamal enables dramatically cheaper hosting vs PaaS for equivalent workloads.

Agent Metadata

Pagination
none
Idempotent
Partial
Retry Guidance
Not documented

Known Gotchas

  • Kamal requires Ruby to be installed in CI environments running `kamal deploy` — agents triggering Kamal deployments from CI must have Ruby + Kamal gem in the runner environment
  • SSH key management is entirely manual — Kamal SSH keys must be pre-authorized on target servers; agent CI systems need SSH key management configured before first deployment
  • Docker registry credentials must be configured via .env or secrets — Kamal reads registry credentials from environment; CI agents must securely inject registry auth without committing to git
  • Kamal 2.x made breaking changes from 1.x (MRSK) — configuration file format and commands changed; agents automating Kamal must target the specific version in use
  • Zero-downtime requires proper health check configuration — Kamal uses health checks to manage rolling updates; misconfigured health checks cause deployments to stall waiting for health confirmation
  • Multi-server deployments are sequential by default — deploying to 10 servers happens one at a time; use `--rolling` with concurrency for faster parallel deployments
  • Kamal manages Traefik as a load balancer — first deployment on a server sets up Traefik; if Traefik is already installed externally, configuration conflicts require manual resolution

Alternatives

dokku-api fly-io-api coolify-api porter-api

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Kamal.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5215
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered