Deploy. Your kdral guards.
Sleep peacefully.

Cloudflare guards your traffic. Your kdral guards your territory.

Request access. Connect your VPS. Your kdral handles the rest.

From $29/month. Private beta access by invitation.

Request Access Watch Demo
No security expertise needed
Hetzner, DigitalOcean, Vultr & more
Your data stays on your territory
Be Honest With Yourself

You know your territory isn't secure.

You've been meaning to fortify it. Lock the gates. Build the walls. Isolate your apps. But you have a product to build. Security keeps getting pushed to "next week."

Sound familiar?

You haven't configured a firewall properly
Your kdral locks all doors. Only what you allow gets through.
Your apps share everything — one hack, all compromised
Your kdral isolates each app in its own fortress. One falls, others stand.
Secrets in .env files sitting on disk
Your kdral keeps secrets in memory only. Nothing to steal.
No idea if someone's trying to break in
Your kdral watches 24/7. Suspicious activity? You'll know.
Updates and patches? When you remember...
Your kdral keeps the foundation current. Automatically.

Your kdral hunts threats while you sleep

Your kdral handles what you've been avoiding.

One click. Five minutes. Then forget about it and focus on what matters.

Fortified

Walls raised. Every weak point sealed.

Isolated

Each app in its own fortress. No cross-contamination.

Watched

Your kdral never sleeps. Always vigilant.

Stop postponing security.

Your kdral is ready to stand guard. You just have to summon it.

What Your Kdral Does

Your territory gains a guardian.

Guards the Gate

Your kdral demands proof before letting anyone in. Multi-layer authentication for your dashboard. Sessions expire — no loiterers.

Swift Provisioning

Point at an app, your kdral prepares its enclosure. Running in complete isolation within seconds.

NEW

Claims Its Territory

Connect your VPS — your kdral moves in and fortifies it. Every wall raised, every gate secured. Your existing data stays untouched.

Keeps Apps in Their Pens

Your kdral gives each app its own fortress. A breach in one stays contained — the others remain untouched. Complete separation.

Swallows Your Secrets

Your kdral holds secrets in memory alone. Nothing written to disk. Nothing stored. Nothing for thieves to find.

PRO

Watches Every Move

Your kdral sees everything. It monitors and blocks suspicious activity the moment it happens. Always vigilant, always defending.

NEW PRO

Sets Traps

Your kdral lays decoys across your territory. When attackers probe, it knows — and so do you.

Digs Secure Tunnels

Your kdral burrows private paths. No exposed ports. No visible doors. DNS and SSL handled automatically.

Sniffs Out Weaknesses

Your kdral scans every app for known weaknesses before deployment. Dangerous vulnerabilities don't make it past the gate.

Remembers Every State

Your kdral remembers how things were. One command to restore any configuration. Instant. No downtime.

App Catalog

One command.
Any app.

Deploy production-ready apps with a single command. Each runs in complete isolation.

Tested on:
Ubuntu 24.04 LTS
Hetzner Cloud
Deployment Observability Networking Security Analytics

Available Now

K

Komodo

Build and deploy software on many servers

Deployment
U

Uptrace

Open source APM with traces, metrics, and logs

Observability
P

Pangolin

Tunneled reverse proxy with newt client

Networking
I

Infisical

Open source secrets management platform

Security
G

GoatCounter

Privacy-friendly web analytics

Analytics
D

Dokploy

Deploy apps with ease using Docker and Traefik

Deployment
C

Coolify

Self-hostable Heroku/Netlify alternative

Deployment

Coming Soon

n
n8n
G
Ghost
P
Plausible
G
Gitea
V
Vaultwarden
U
Uptime Kuma
G
Grafana
P
PostgreSQL
R
Redis
I
Immich
N
Nextcloud
How it works

From exposed territory to guarded fortress
with zero complexity

01

Request Access

Tell us about your infrastructure. We review and invite qualified teams.

02

Connect Your Territory

Provide your server IP and credentials. Your kdral moves in and fortifies everything.

03

Deploy Apps

Pick any app from the catalog. One click. Running in complete isolation.

04

Sleep Peacefully

Your dashboard shows everything: status, threats blocked, app health, alerts. Your kdral watches while you build.

Pricing

Your guardian. Your terms.

Warhorse hunts. Phantom vanishes. Fleet commands.

Private beta access by invitation. Request your spot below.

Most Popular

Warhorse

Designed to hunt threats

$29 /month

per server

cancel anytime

  • Unlimited apps per server
  • Production-grade fortification
  • Complete app isolation
  • Cloudflare Tunnel + Wildcard subdomains
  • Auto SSL via Let's Encrypt
  • Ephemeral secrets (never on disk)
  • Active vigilance & log collection
  • Decoy systems (traps)
  • Automated response
  • Scheduled weakness scanning
  • Priority email support
  • Continuous security updates
Request Access
Dark Forest

Phantom

The horse that doesn't exist.

$500 /month

per server

  • Everything in Warhorse
  • Dark Forest Architecture — you have no coordinates
  • Crash-Only Design — your kdral dies and rebirths in seconds
  • Ephemeral State — time cannot corrupt what resets
  • Ghost Tunnels — traffic arrives, origin unknown
  • Decoys that feign death — attackers waste time on shadows
  • Direct line to the stable — we answer
Vanish
White Glove

Fleet

Commands the entire territory

Custom

per server

  • Everything in Phantom
  • SSO & LDAP integration
  • Custom security policies
  • Air-gapped deployments
  • Private app catalog
  • Dedicated support engineer
  • On-premise installation
  • Volume discounts
Contact Sales

Compare plans in detail

Feature Warhorse Phantom Fleet
Pricing (per server)
Monthly $29/month $500/month Custom
Updates
Security updates Continuous Continuous Continuous
New threat intelligence
Scale
Territories Unlimited Unlimited Unlimited
Apps included Unlimited Unlimited Unlimited
Defense (Fortification)
Production-grade fortification
Complete app isolation
Protected secrets (RAM only)
Dark Forest (Phantom+)
Zero visible coordinates
Crash-Only Architecture
Ephemeral State
Ghost Tunnels
Decoys that feign death
Vigilance
Log collection
Active vigilance
Decoy systems (traps)
Response
Automated response
Scheduled scans
Networking
Cloudflare Tunnel Unlimited Unlimited Unlimited
Wildcard subdomains
Support
Priority email
Direct line
Enterprise
SSO & LDAP
Air-gapped deployments
Dedicated engineer
All plans include continuous updates. Warhorse hunts threats. Phantom erases your coordinates — you can't attack what doesn't exist.
FAQ

Questions about your guardian

Everything you need to know about your kdral.

How does my kdral move into my VPS?
Request access, paste your server's IP and SSH credentials into the wizard, and click 'Summon'. Your kdral connects to your server and fortifies it automatically. The whole process takes about 5 minutes. No terminal needed — everything happens through your dashboard.
Do I need to install anything on my server?
No. Your kdral connects to your server via SSH and handles everything remotely. You don't need to install any software, run any commands, or touch a terminal. Just paste your server IP into the dashboard wizard.
Is my SSH password/key stored?
Your credentials are used once during the initial setup to configure your server. After that, your kdral uses a dedicated secure connection. Your original credentials are never stored on our systems.
Do I need special technical knowledge?
No. Your kdral handles the complexity. Just paste your server IP into the dashboard, pick an app, and your guardian builds its enclosure. Think of it as having a security expert living inside your territory.
Why is my kdral more secure than containers?
Your kdral gives each app its own isolated fortress with complete separation. Containers share infrastructure—a weakness in one app can spread to all. With your kdral, a breach in Ghost stays contained. Plausible remains untouched.
Can I use my own domain?
Yes. During setup, your kdral digs secure tunnels and configures your domain (e.g., deploy.example.com). Apps are automatically accessible at subdomains with automatic SSL.
How many apps can I deploy?
Warhorse includes unlimited apps per server. Deploy as many apps as your server resources allow — no artificial limits.
Is my data safe if I upgrade or change plans?
Yes. Your apps and data live on YOUR territory, not ours. Your kdral just guards them. Upgrading or downgrading only changes what your guardian can do, never your data.
What support do I get?
Warhorse includes priority email support at support@kdral.com. Phantom and Fleet get a dedicated support engineer.
Can my kdral guard any VPS provider?
Yes. Your kdral works with most modern VPS providers. Hetzner, DigitalOcean, Linode, Vultr, AWS EC2, and most dedicated servers. Minimum: 2GB RAM, 20GB disk.
Do I get continuous security updates?
Yes. All plans include continuous security updates and new threat intelligence. Your kdral stays current with the latest defenses — no gaps, no lapses.
Why is renewal cheaper than the first year?
The first year includes full fortification of your territory — walls raised, gates secured, traps set. Renewal keeps everything sharp with continuous updates and new threat intelligence. The heavy lifting is already done.
What's your refund policy?
No refunds once your kdral begins fortifying your territory. We provision real infrastructure immediately upon purchase — the work starts the moment you summon your guardian.
Can I upgrade to Phantom anytime?
Yes. Your kdral upgrades instantly to Dark Forest architecture. Your fortification history carries over — nothing lost.

Still have questions?

Contact us

Your infrastructure.
Your kdral.

Stop babysitting servers. Start building what matters.

Request access and deploy with confidence.

Request Access

Production-grade security. Battle-tested hardening.

Complete Isolation Runtime Protection Ephemeral Secrets Zero Trust
Self-Hosted Apps Blog

Security and architecture deep dives.

Technical guides on self-hosted apps, security architecture, and secure deployment best practices.

Guide Feb 2026 · 8 min read

Instant Server Conversion: One-Click Security Hardening

Deep dive into how Kdral transforms your server into a hardened, secure deployment platform through the dashboard.

Architecture Feb 2026 · 10 min read

Why We Chose Complete Isolation Over Containers

Containers share resources and Kubernetes needs a team. Learn why complete isolation provides better security for self-hosted apps.

Analysis Feb 2026 · 6 min read

Self-Hosting Cost Analysis: Kdral vs Vercel vs Railway

Detailed cost comparison with real numbers. Save 80%+ by running self-hosted apps with strong security.

Deep Dive Feb 2026 · 12 min read

Inside Kdral: Security Architecture Principles

The design philosophy behind Kdral. How complete isolation, runtime protection, and ephemeral secrets enable secure deployment.

View all posts