Tools implementing deSEC

In this post, we keep a list of deSEC-aware software that we have knowledge of.

Note: This does not imply any endorsement by deSEC. We also do not evaluate whether the tools listed here implement sensible security measures, nor do we know whether these programs hold what they promise. The list is merely meant as an inspiration for digging deeper into the deSEC ecosystem.

dynDNS clients


DNS orchestration

ACME clients

Webserver in-built


  • Proxmox Virtual Environment, e.g. pvenode
  • Traefik supports deSEC through lego (see ablove). Previously, there was this extra module: Traefik dedyn-dns01 (now superseded)

General purpose API clients


Command-line Interface (CLI)

To extend this list, please reply to this post, and after short inspection we may include your suggestion in the list.


dnscontrol will also get support for desec:

1 Like

Hi d3luxee,

Support was just merged into DNSControl, so I added it to the above list. Thanks for the contribution!

Stay secure,

Lego (an ACME client) has deSEC support too now! I filed the issue asking them to implement it, and the next day it was done:



I created a Go client:

You can also remove Traefik dedyn-dns01 as Traefik support deSEC natively (through lego)

1 Like

Hi vika, ldez,

Thanks for your contributions! This is really great to see <3 I’m making the corresponding changes to the list.

Stay secure,

Thx for adding my stuff. :smiley:

I’m currently finishing up the python API wrapper. I’ll release the first 1.0 beta in a couple of days.

After that I’ll continue working on the ansible modules. So feel free to test the desec-dns-api library and give feedback.

I just uploaded my PHP library to connect to deSEC API.

Hi Taras,

Thanks for your contribution! I’ve added it to the top post of this thread.

Stay secure,

Hi! I found a Caddy module that supports DNS ACME challenge using a deSEC API token: GitHub - caddy-dns/desec: deSEC module for Caddy

1 Like

Hi strawberry,

Thanks, I added it to the list!

Stay secure,

1 Like

desec-dns-api does not exist anymore on pypi. A relatively new project appeared at desec.

Thanks, RonObvious, I made these changes!

Stay secure,

The repository is marked as archived and the project is in readonly mode. Looks like PyPI releases have all been yanked too. This should be marked as unmaintained or abandoned.

Hi WhyNotHugo,

Thanks for your message, and welcome to deSEC! :slight_smile:

I verified your report, and removed the unmaintained link from the collection.

Stay secure,