If you’re searching for a free alternative to Hudu, you’re probably at one of a few familiar inflection points: the per-seat bill just got reviewed in a budget meeting, a client asked an uncomfortable question about where their credentials actually live, or someone on the team floated the question of what happens to your documentation if Hudu’s pricing changes the way IT Glue’s did after the Kaseya acquisition.
Any of those is a reasonable reason to be here. Weavestream is a self-hosted, open-source IT documentation platform that covers the same surface as Hudu — structured asset tracking, credential vault, knowledge base, domain monitoring, client portals, IPAM — running entirely on infrastructure you control, at no licensing cost.
What Hudu does well
Hudu is a genuinely good product. If you need to sign up, onboard clients, and be documenting infrastructure within the hour, it delivers that. The UI is polished, the RMM integrations are broad, and the team ships updates regularly. For MSPs who want a login URL and no infrastructure overhead, Hudu is a strong choice.
This article isn’t about telling you Hudu is bad. It’s about identifying who Hudu wasn’t designed for — and what a self-hosted alternative actually looks like in practice.
The structural problem with vendor-hosted documentation
Hudu’s model is SaaS: your documentation lives on their servers, under their security controls, subject to their pricing decisions and their uptime. That’s a reasonable trade-off for teams that genuinely don’t want to run infrastructure. But it carries costs beyond the monthly bill.
Data sovereignty. Your clients’ credentials, network diagrams, and infrastructure layouts are in a vendor’s cloud. You accepted their security model when you signed up. You have no independent ability to audit what happens to that data at rest, in transit, or in the event of a breach.
Uptime dependency. Hudu’s availability determines your team’s ability to pull a firewall password at 2am during a client emergency. SLAs don’t fix a client call that goes wrong because documentation was inaccessible.
Migration lock-in. Exporting years of structured asset data, encrypted passwords, and cross-linked articles out of a SaaS platform is painful. Relationship graphs and asset links don’t survive most export formats intact. The practical cost of switching grows every month you stay.
Pricing flexibility. Hudu sets the per-seat price. If it moves — as has happened to IT Glue’s customer base under Kaseya — your options are pay, migrate under pressure, or leave. None of those are great on a timeline you didn’t choose.
For homelab operators and privacy-oriented sysadmins, these are dealbreakers by default. For MSPs handling healthcare, legal, or financial clients, they’re increasingly real compliance concerns. For any technically capable team, they’re simply reasons to prefer infrastructure they own.
What the open-source alternative actually looks like
Weavestream is licensed under AGPL-3.0. The full source is on GitHub, images are on GHCR, and there are no telemetry calls, license checks, or paywalled features. It runs as three Docker containers — web, API, worker — on top of Postgres and Redis. One compose.yml.
curl -O https://raw.githubusercontent.com/Weavestream/Weavestream/main/compose.yml
curl -O https://raw.githubusercontent.com/Weavestream/Weavestream/main/.env.example
mv .env.example .env
curl https://raw.githubusercontent.com/Weavestream/Weavestream/main/scripts/keygen.sh | bash >> .env
docker compose up -d
That’s the entire install. Your data lives in host-mounted directories on your own hardware or VPS. Back it up with pg_dump and rsync. Restore it anywhere Postgres runs. No export API, no support ticket, no asking permission.
“Free” here means free as in freedom and free as in price. You’ll need infrastructure to run it — a modest VPS is enough — but you won’t pay a per-seat license to Hudu, Kaseya, or anyone else.
Feature comparison: Hudu vs Weavestream
| Feature | Hudu | Weavestream |
|---|---|---|
| Pricing Model | Per-user, per-month SaaS subscription | 100% Free & Open Source (AGPL-3.0) |
| Data Ownership | Hosted in vendor cloud | Self-hosted via Docker (your Postgres DB) |
| Offline Capabilities | Dependent on vendor uptime | Fully local — no license checks, no phoning home |
| Structured Asset Tracking | ✅ | ✅ Clients, Assets, Credentials, Domains, IPAM |
| Relationship Mapping | ✅ Asset relationships | ✅ The Weave: link assets to KBs, IPs, and logins |
| Password Vault | ✅ | ✅ AES-256-GCM, TOTP support, breach detection |
| Documentation / KB | ✅ Rich-text | ✅ Rich-text + Markdown |
| Domain & SSL Monitoring | ✅ | ✅ WHOIS + DNS + TLS expiry tracking |
| IP Address Management | Limited | ✅ Full IPAM with conflict detection |
| Client Portal | ✅ | ✅ |
| Audit Log | ✅ | ✅ Append-only, tamper-resistant |
| Forced MFA | Optional | ✅ Platform-enforced, no opt-out |
| Open Source | ❌ | ✅ AGPL-3.0 |
| Zero Telemetry | Undisclosed | ✅ None |
| Vendor Risk | Hudu pricing decisions | None — you own the stack |
| RMM / PSA Integrations | Extensive (ConnectWise, Autotask, Datto, Ninja) | Growing (Action1, UniFi, NinjaOne) |
| Mobile App | ✅ | ❌ (responsive browser only) |
The honest gap: Hudu has a deeper RMM and PSA integration surface today. If ConnectWise or Autotask sync is a daily-use dependency, that matters and you should weigh it. On every dimension that touches data ownership, security posture, and operational independence — Weavestream is the stronger option.
Why self-hosting your IT documentation specifically matters
Most software categories can tolerate vendor dependency. Your IT documentation platform is categorically different. It holds the keys to every client environment you manage — every firewall credential, every server login, every network diagram. The security and availability model of that platform deserves the same scrutiny you’d apply to any other piece of critical infrastructure.
Self-hosting with Weavestream means:
- Your breach radius is yours to define. Network isolation, firewall rules, VPN-only access — you set the perimeter.
- Your uptime is your uptime. A local instance on a well-maintained VPS or on-prem server is not going down because of a vendor’s infrastructure event.
- Your security policy is yours. Stricter session timeouts, custom TLS, enforced MFA, your own key management — you configure it, not a vendor’s defaults.
- Your data is in a Postgres database you can query directly. Migrations, backups, custom reporting, and integrations you build yourself are all first-class operations.
Migrating from Hudu to Weavestream
The fear of migration is the biggest reason MSPs stay on a platform they’ve outgrown. Years of structured records feel impossible to move. In practice, the process is more straightforward than it appears.
What maps cleanly: Client records, assets, knowledge base articles, and credentials all have direct equivalents in Weavestream’s data model. Hudu’s CSV exports cover the bulk of structured data. Weavestream’s import tooling handles flat CSV files for clients, assets, and credentials.
What requires manual work: Relationship links and cross-referenced articles don’t survive export formats with their graph structure intact — this is true of any platform migration, not just Weavestream’s. Expect to rebuild asset relationships as you review each client during the transition.
Practical approach: Run Weavestream in parallel for 30–60 days. Deploy it on a VPS, migrate one or two smaller clients to validate your workflow, then work through the book at your own pace. Because your Weavestream data lives in a Postgres schema you own, you can also script bulk imports directly against the database — something you can’t do with any vendor-hosted platform.
The migration is work. It’s also work you only do once, and it ends with your documentation living somewhere it can’t be repriced, acquired, or taken offline by anyone but you.
Who should stay on Hudu
- Deep ConnectWise, Autotask, or Datto integration is a daily-use requirement that needs to work on day one.
- Your team is non-technical and has no appetite for managing infrastructure.
- The per-seat cost is comfortable and data sovereignty is not a concern.
Those are legitimate reasons. Hudu is a capable, actively developed product. The question is whether a SaaS platform controlled by a third party is the right foundation for the most sensitive data your business holds.
Who should choose Weavestream
- You’re an MSP, homelab operator, or internal IT team who can run a Docker stack.
- You have clients in regulated industries where vendor-hosted credentials are a compliance question.
- You want your documentation accessible regardless of what any vendor decides to do with their pricing or infrastructure.
- You want to audit the source code, extend it for your own tooling, or contribute to its development.
- You’re spending on SaaS tooling and want to reclaim the budget for infrastructure you own.
Security model
Weavestream’s defaults are intentionally stricter than most platforms in this category. MFA is platform-enforced — every account, no per-user opt-out. Credentials are encrypted with AES-256-GCM using a key that lives in your environment, not on a vendor’s key management service. The audit log is append-only and protected at the database-role level, so even a compromised application layer cannot retroactively alter records. HaveIBeenPwned breach detection runs on every saved credential.
Full details are in the security documentation and encryption spec.
Get started
Deploy in under ten minutes: Quickstart guide.
The source, issue tracker, and release notes live at github.com/Weavestream/Weavestream. If a feature gap is keeping you on Hudu, open an issue — the roadmap is public and driven by what MSPs actually need.
Your documentation should be yours. Weavestream is how you get there without paying someone else for the privilege.