Might as well call it Zerops 3.0 — huge updates and what's next

After the last update in April 2025, we had a decision to make. Zerops had found its audience — hundreds of developers running projects of all sizes, 99.9998% uptime of user applications, and people appreciating exactly what we'd focused on: flexibility, affordability, scalability and developer experience. Our philosophy seemed to resonate:

Where others optimize for simplicity, Zerops optimizes for understanding.

What you're running, what it costs, how it's configured — transparent by default, not obscured until something breaks.

Where others remove access to reduce complexity, Zerops gives you depth without forcing it.

One-click deploy works fine. But SSH, logs, config, topology — it's all there when you need it.

Where others go zero-config, Zerops goes sensible config.

Configuration isn't the enemy. Bad defaults you can't inspect or override are. Zerops gives you readable, documented YAML with sensible defaults you can always change.

But the platform was still missing a few things that mattered — multi-region, a proper role system, and modern auth (passkeys, 2FA, U2F). These gaps trace back to 2020, when we chose to build Zerops from the ground up — system containers instead of Kubernetes, no big cloud abstraction layer underneath. We started from our own datacenter and inherited the auth layer of our parent company at the time. That gave us the architecture and speed we wanted early on, but it meant multi-region and auth couldn't just be bolted on later — they had to be rebuilt from scratch.

So instead of pushing growth on an incomplete platform, we went quiet and built. Now we're ready. On the first of March 2026 we launched the US-East region (US-West and Asia are weeks away), the table stakes features are done, and our new website capturing the philosophy is up.

Here's everything we've added and improved since April 2025.

• Multi-region
• 2FA, Passkeys & user tokens
• Roles, permissions & integration tokens
• Domains & routing
• Advanced observability
• Backup management
• Build & egress reporting
• Logs improvements
• PostgreSQL
• Recipe system & onboarding
• Other improvements
• What's next
• A big thank you

Multi-region

US region is live. You choose EU or US when creating a project. Funny how something that required a major rewrite of every single layer of the platform can be summarized in so few words and just a single toggle in the UI. More regions are coming, but a US presence was the critical first step. Other variations of multi-region like edge multi-region are coming later this year.

2FA, Passkeys & user tokens

The new auth system supports FIDO2/WebAuthn passkeys — hardware keys, biometrics, whatever your device supports. On top of that, TOTP-based 2FA via authenticator apps, sudo mode that re-authenticates you before sensitive operations like managing 2FA settings, and personal access tokens you can generate and manage from the settings for use with the CLI, API, or any automation you need.

Roles, permissions & integration tokens

Four roles — Owner, Admin, Developer, Guest — with organization-wide defaults and per-project overrides. An Admin who needs full access to dev projects but read-only on production? Set an override on the production project. A contractor who should only see one project? Invite them as Guest, grant access to that project, revoke when they're done.

The part we're most happy about is integration tokens. These are tied to your account but scoped to exactly the access level you choose — full access to all projects, read-only, or custom per-project permissions. Perfect for CI/CD pipelines, GitHub Actions, GitLab CI, deployment scripts. The token value shows once, you store it, and it works until you regenerate or delete it. No more passing around personal credentials.

Domains & routing

We overhauled domain management — new DNS workflow and a redesigned UI. But there are two bigger changes here.

First, there's a new project-level routing & access page that gives you a single view of everything networking-related for your project — L3 balancer with IP addresses, egress graph, direct IP access to services, HTTP balancer configuration with all your domain routes, VPN access, and registered SSH public keys. Before, this information was scattered across service-level settings. Now there's one page for the full picture.

Second, each route now has its own advanced configuration. Every location ({domain}/path → service:port) can be individually configured with redirects (with options to preserve path and query), IP-based access policies (allow/deny by CIDR block), rate limiting (per IP or per domain, with burst handling), basic auth, and custom content responses. Previously this kind of thing meant asking us or hacking around it.

The L7 balancer itself is also fully configurable now — connection handling, client request settings, buffer sizes, proxy settings, gzip, WebSocket support, all exposed per project.

For context, in Zerops, every projects get its own dedicated internal infrastructure with L3/L7 balancer that is independent from Zerops control plan, so it keeps working even if parts of Zerops don't.

Advanced observability

You could always run ELK or Prometheus on Zerops, but now there are first-class observability recipes. Deploy a full logging or monitoring stack with a single click — properly configured for the platform, with the right resource allocations and service connectivity. We also added the Advanced Observability section inside project settings, where you can configure log forwarding to external systems and set up metrics and tracing exports.

If you're running anything serious, you probably want one of these running alongside your project.

Backup management

Zerops always did automatic daily backups, but you couldn't really control them. Now you can. Custom backup frequency — daily, weekly, monthly, or a custom CRON expression. Retention policies you actually configure — how many daily, weekly, and monthly backups to keep, maximum total backups per service, storage limits. Protected tags that prevent specific backups from being auto-deleted, no matter what the retention policy says.

You can also create manual backups from the UI or CLI (zcli backup create myservice --tags pre-deploy,protected), download them, and manage them per-service. Backups are encrypted end-to-end with per-project X25519 keys.

Build & egress reporting

You can now see egress graphs and spend tracking directly in the dashboard. Builds and egress are billed separately from resources, and before this, it wasn't always obvious what was generating costs. Now you can see the breakdown and track it over time.

Logs improvements

Two things. Log search — you can now filter and search directly in the log output instead of scrolling through everything hoping to spot what you need. And format switching — logs can be viewed as plaintext, RFC 3164, or RFC 5424 syslog formats, switchable in the UI. Useful when you need structured fields for debugging versus just eyeballing output.

PostgreSQL

Postgres got dedicated attention this cycle. Direct IP access with TLS — you can now connect to Postgres externally over IPv4 or IPv6, with TLS termination handled by PgBouncer. Read replicas have a dedicated read port (5433), so you can split read/write workloads by pointing reads to a different port without any application-level routing. TimescaleDB and json_schema extensions are available. And general stability improvements across the board for HA setups.

Recipe system & onboarding

We rebuilt the entire recipe and onboarding system — it's now the primary way you encounter Zerops. Environment presets that map to real infrastructure differences, recipe cards that show full topology and exact pricing before deploy, post-deploy guidance that adapts to what you deployed. But this deserves its own writeup — it's less a feature and more a fundamental rethinking of how the platform presents itself to new users.

Other improvements

Pipeline triggers: You can now trigger and re-trigger build pipelines from the service detail, using a public git repository or custom pipeline configuration. Re-trigger the last pipeline with different env variables.

Dark mode: Full dark theme across the entire dashboard.

Environment isolation: Services now default to strict variable isolation — each service can only access its own variables and must explicitly reference others. You can configure this per service, or set the default for the whole project and override it on individual services where needed.

Static service headers: The static service now supports custom headers and a cors shorthand in `zerops.yml`:

zerops:
  - setup: app
    run:
      base: static
      routing:
        cors: "'*' always"
        headers:
          - for: /*
            values:
              My-Custom-Header: Hello

zCLI: push creates projects and services inline if they don't exist. New project env command for managing env vars from the terminal. Project scoping so you stop passing project IDs everywhere. New VPN subcommands (vpn clear, vpn key), macOS DNS resolver fixes, .deb packages for Debian/Ubuntu.

New service versions: Node.js 24, Python 3.14, PHP 8.5 (Ubuntu & Alpine), Bun 1.4, PostgreSQL 17 & 18, Elasticsearch 9.2, ClickHouse, Meilisearch 1.20, NATS v2.12.

Dashboard QoL: Connection strings copy with credentials, env var key/value pairs copy cleanly, all service ports visible in basic info, webshell saves bash history, destructive actions require confirmation, documentation links throughout the app, editable project-generated env vars.

What's next

Now we're ready to start promoting Zerops. You can expect to hear from us more frequently as well as meet us at various conferences throughout the year. Our team recently tripled in size, including Francesco, who will lead our DevRel effort.

From the product side we also have a couple more exciting features in store:

Zerops Control Panel (ZCP)

AI coding agents — Claude Code, Cursor, Codex, OpenCode — are fundamentally developers. They write code, test it, iterate, and deploy. But the infrastructure most developers use for AI-assisted development forces agents into sandboxes and mocks, producing code that "works" in isolation but fails in production.

ZCP is a container running inside your Zerops project — a high-level prompt and MCP server that gives your AI agent SSH and filesystem access to your real dev and staging services over the project's private network. Same managed Postgres, same Redis, same S3, same deployment pipeline. The agent develops against real infrastructure, verifies through zcli push to staging, and hands off production-ready code — no mocks, no environment drift.

Expect to hear more about this very soon, with public preview aimed at May.

Notification system

You'll be able to select the frequency and granularity of the notifications and alerts you receive, as well as set up webhooks to send them wherever you need.

Edge multi-region

Right now our multi-region allows you to run whole projects inside a selected region, which is great if your visitors are largely from a single continent. But there are obviously use cases where your visitors are from all over the world. For these we'll add the ability to run containers of a single service across multiple regions — using the same long-running, system containers-based approach. Think your API service responding from the closest server, your databases having read nodes in the nearest region.

Massive improvements to managed services

Starting with Postgres and MySQL (MariaDB), we plan a multitude of improvements, including profiles, advanced performance tuning, point-in-time backup / recovery, cloning / forking, as well as AI-based optimization suggestions.

Open source software recipes

Currently our recipe system focuses on runtime languages and frameworks — the things you build on top of. But equally important is running open source software that you just utilize: auth, observability, community, analytics, project management, backend-as-a-service.

These projects always provide a self-hosted option, but oftentimes it's just a Docker image and docker compose up — great for testing locally, unusable for serious production. We want to provide these applications as one-click deployments in a production-ready setup, with a guide on how to maintain, upgrade and operate the software.

A big thank you

Lastly, I want to thank the hundreds of developers who found and started using Zerops even while we were hidden in the shadows, and helped us prove that there is this middle ground between easy-to-use magic box visual modern cloud platforms and complex big cloud / custom Kubernetes setups.

If you are new to Zerops, sign up at https://app.zerops.io/registration, or if you tried Zerops before and ran out of credits, shoot us an email at dev@zerops.io with the email you've registered with and we'll give you a refill.

See you at the starting line, Aleš, Honza and the Zerops team.