purple is a free, open-source terminal SSH client for managing SSH servers. It reads your ~/.ssh/config and gives you instant search, visual file transfer, command snippets, cloud sync from 16 providers and automatic password management. Single Rust binary for macOS and Linux.

Is purple an SSH bookmark manager?

Yes. purple stores every SSH host in ~/.ssh/config as a named bookmark, fuzzy-searches them by alias, hostname or tag, and connects on Enter. Frecency sorting keeps your most-used bookmarks on top. purple also syncs bookmarks from 16 cloud providers and signs short-lived Vault SSH certificates.

Can I transfer files between local and remote servers with purple?

Yes. Press F on any host to open the remote file explorer. It shows local files on the left and the remote server on the right. Navigate directories, select files and copy them between machines via scp. Works through ProxyJump chains, password sources and active tunnels.

What cloud providers does purple support?

purple syncs servers from sixteen cloud providers: AWS EC2, Azure, DigitalOcean, GCP (Compute Engine), Hetzner, i3D.net, Leaseweb, Linode (Akamai), Oracle Cloud Infrastructure (OCI), OVHcloud, Proxmox VE, Scaleway, Tailscale, TransIP, UpCloud and Vultr. Each provider is configured with an API token or credentials profile. Synced hosts are tracked in your SSH config and updated on each sync.

How do command snippets work in purple?

Save commands and run them on remote hosts via SSH. In the TUI, press r to run on the selected host, Ctrl+Space to multi-select hosts then r, or R to run on all visible hosts. The CLI alternative supports tag-based targeting (--tag prod) and parallel execution (--parallel). Snippets are stored locally in ~/.purple/snippets.

How does SSH password management work in purple?

Set a password source per host via the TUI or a global default. When you connect, purple acts as SSH_ASKPASS and retrieves the password automatically. Supported sources: OS Keychain, 1Password, Bitwarden, pass, HashiCorp Vault KV secrets engine and custom commands. For short-lived SSH certificates purple also integrates with the HashiCorp Vault SSH secrets engine (a separate engine).

Can I manage Docker or Podman containers with purple?

Yes. Press C on any host to list all containers over SSH. Start, stop and restart without leaving the TUI. Purple auto-detects Docker or Podman on the remote host. No agent. No web UI. No extra ports.

Does purple modify my existing SSH config?

Only when you add, edit, delete or sync. All writes are atomic with automatic backups. Auto-sync runs on startup for providers that have it enabled (configurable per provider).

Will purple break my SSH config comments or formatting?

No. purple preserves comments, indentation and unknown directives through every read-write cycle. Consecutive blank lines are collapsed to one.

Does purple need a daemon or background process?

No. purple is a single Rust binary. Run it, use it, close it. No runtime, no daemon, no async framework.

Can I use purple with SSH Include files?

Yes. Hosts from Include files are displayed in the TUI but never modified. purple resolves Include directives recursively (up to depth 16) with tilde and glob expansion.

How do I sync Google Cloud (GCP) instances with purple?

In the TUI, press S to open the provider list, then add GCP. Fill in your service account JSON key file path, project ID and optionally specific zones. Purple reads the key, creates a JWT and exchanges it for an access token automatically. The CLI alternative is purple provider add gcp --token /path/to/sa-key.json --project my-project.

How do I sync Azure VMs with purple?

In the TUI, press S to open the provider list, then add Azure. Fill in your service principal JSON file path and subscription IDs. Supports both az CLI and portal credential formats. The CLI alternative is purple provider add azure --token /path/to/sp.json --regions SUBSCRIPTION_ID.

How do I sync Oracle Cloud Infrastructure (OCI) instances with purple?

In the TUI, press S to open the provider list, then add Oracle. Fill in your OCI config file path, compartment OCID and regions. The CLI alternative is purple provider add oracle --token ~/.oci/config --compartment OCID --regions eu-amsterdam-1. Requires IAM policies: read instance-family and read virtual-network-family.

How do I sync AWS EC2 instances with purple?

In the TUI, press S to open the provider list, then add AWS. Select your regions from the region picker and fill in your credentials profile or access key. The CLI alternative is purple provider add aws --profile default --regions us-east-1,eu-west-1. EC2 tags are synced (excluding internal aws:* tags). AMI names are resolved for OS metadata.

Is purple a Portainer alternative?

For container visibility and basic lifecycle control (start, stop, restart) over SSH, yes. Press C on any host to see its containers. No agent to install, no web UI to host, no ports to open. Works with Docker and Podman. Purple does not provide container creation, registry management or role-based access control.

How does purple compare to Lazydocker?

Lazydocker manages Docker locally on the host where it is installed. purple manages containers on remote servers over SSH from your local machine. Use Lazydocker for single-host local management. Use purple for multi-host remote management across your fleet.

purple - Terminal SSH Manager and SSH Config Editor in Rust

I had a perfectly good SSH config. Clean, well-organized, no complaints. That part worked.

What didn't work was the six other things I needed to do every day. Every container check was ssh, docker ps, scroll, repeat. Every file transfer was remembering scp flags. Every new cloud VM meant opening a console, copying an IP, editing my config by hand. And running the same command across a dozen hosts? That was either a bash loop or a whole Ansible setup for a one-liner.

So I put all of it in one terminal.

🔍 Find any host in a keystroke. Fuzzy matching across hostnames, IPs, tags and users. Your most-used servers float to the top automatically. Press : for a command palette with all 24 actions.

☁️ Pull servers from 16 cloud providers. AWS, Azure, GCP, Hetzner, DigitalOcean, Proxmox VE, Tailscale and 9 more. New VMs sync in, IPs stay current, decommissioned hosts get flagged.

🐳 See and control containers remotely. Docker and Podman over plain SSH. Start, stop, restart without installing anything on the remote.

📂 Browse and copy files between machines. Dual-pane file explorer. Local filesystem on one side, remote on the other. Handles ProxyJump chains and tunnels.

⚡ Run one command on many hosts. Pick a snippet, select your targets, execute. Results stream in per host.

🔑 Passwords handled for you. Plugs into OS Keychain, 1Password, Bitwarden, pass, the HashiCorp Vault KV secrets engine or a custom script. Credentials are fetched at connect time.

📜 Short-lived SSH certificates. Integrates with the HashiCorp Vault SSH secrets engine. Configure a role per host or per provider, press V to bulk-sign. Cached under ~/.purple/certs with automatic renewal.

🤖 Let AI agents manage your servers. Built-in MCP server with one-click .mcpb install for Claude Desktop. Works with Claude Code, Cursor, Windsurf and any MCP-compatible agent. Read-only mode and a JSON Lines audit log are built in.

📬 What's new overlay. Sticky toast and overlay summarizing releases since you last opened. Press n to reopen.

Cloud providers

AWS EC2
Azure
DigitalOcean
GCP
Hetzner
i3D.net
Leaseweb
Linode
Oracle Cloud
OVHcloud
Proxmox VE
Scaleway
Tailscale
TransIP
UpCloud
Vultr

FAQ

PURPLE(1)General Commands ManualPURPLE(1)

Does purple modify my SSH config?

Only when you explicitly add, edit, delete or sync. All writes are atomic with automatic backups. Comments, indentation and unknown directives are preserved.

Does it need a daemon or background process?

No. Single binary. Run it, use it, close it.

Does it send my config anywhere?

No. Your config never leaves your machine. Provider sync calls cloud APIs to fetch server lists. The TUI checks GitHub for new releases on startup (cached 24 hours). That's it.

Can I manage Docker containers with purple?

Yes. Press C on any host to list all containers over SSH. Start, stop, restart. Auto-detects Docker or Podman. No agent, no web UI, no extra ports.

Can AI assistants use purple?

Yes. Run curl -fsSL getpurple.sh | sh, then purple mcp to start the MCP server. Claude Code, Cursor, Windsurf and other agents get five tools: list_hosts, get_host, run_command, list_containers and container_action. Pass --read-only to restrict it to list_hosts, get_host and list_containers. Every call is logged to ~/.purple/mcp-audit.log by default (JSON Lines, mode 0o600, run_command body redacted). Claude Desktop users can install the .mcpb bundle from GitHub releases for a one-click setup. Full setup guide on the wiki.

How do I troubleshoot connection problems?

Run with --verbose to enable debug logging, then purple logs --tail in another terminal. Logs are written to ~/.purple/purple.log with fault domain prefixes: [external] for remote/tool errors, [config] for local config issues. Set PURPLE_LOG=trace for maximum detail.

purple v2.45.12026-04-20PURPLE(1)

$ curl -fsSL getpurple.sh | sh

One terminal. All your servers.

Open-source terminal SSH manager and SSH config editor for macOS and Linux.
Search, connect, transfer files and manage containers. All from one TUI.

One terminal. All your servers.

Open-source terminal SSH manager and SSH config editor for macOS and Linux.Search, connect, transfer files and manage containers. All from one TUI.

Open-source terminal SSH manager and SSH config editor for macOS and Linux.
Search, connect, transfer files and manage containers. All from one TUI.