Running micro-SaaS for less than 1€ a month
Hello!
In my previous posts I covered the technology stack, the deployment process, and the monitoring and analytics setup behind Secutils.dev. Today, let's talk about money: what it actually costs to run this SaaS in production. As developers, we know the value of being resourceful and frugal, especially when bootstrapping a side project. Here's how the bill stays close to zero for Secutils.dev.
The cost story is essentially unchanged: the production deployment still runs for the price of the domain. A few line items have evolved:
- The codebase moved from three repositories to a single mono-repo, so CI is one workflow per concern (
ci.yml,ci-perf.yml,e2e.yml) instead of three duplicated pipelines. - The database migrated from SQLite (with Litestream replication to S3-compatible Object Storage) to PostgreSQL 16. Backups are now native PostgreSQL dumps stored on Oracle Cloud Object Storage.
- The web scraper is now a separate Rust + Node.js service called Retrack, included as a git submodule.
- The bullet list below has been refreshed to reflect the current shape. The underlying free tiers are the same.
DISCLAIMER: The strategies below work well for early-stage products and micro-SaaS. They may not scale forever, but the failure mode of a side project is almost always "abandoned before it grew", not "couldn't keep up with growth". Optimise for boring and cheap until the data tells you otherwise.
Source code management
Cost: 0€ / month
Vendor: GitHub
The source code for Secutils.dev is hosted in a single mono-repo at secutils-dev/secutils, which is publicly available on GitHub. The few private bits (promotional website source, terms and privacy policy) live in private GitHub repositories. The free GitHub plan is more than enough, plus it includes secret scanning and Dependabot, both of which I happily use.
Continuous integration
Cost: 0€ / month
Vendor: GitHub
CI runs on GitHub Actions, which provides 2,000 free minutes per month on the free plan. With everything in a single repo, I have a small set of workflows:
ci.yml: builds and tests the Rust API, the Web UI, and the docs site, runscargo clippyandcargo test, and validates that the OpenAPI spec snapshot is in sync.ci-perf.yml: runs the JS runtime performance harness on every push tomainand appends a record to.perf/history.jsonlonly when something materially moves.e2e.yml: brings up the full Docker Compose stack and runs the Playwright e2e suite.
Aggressive use of Cargo and npm caches keeps individual runs short. Average wall time for the Rust build is under 5 minutes thanks to sccache and SQLX_OFFLINE=true (cached query metadata in .sqlx/).
Hosting
Cost: 0€ / month
Vendor: Oracle (Oracle Cloud Infrastructure)
Secutils.dev runs on a self-managed Kubernetes micro-cluster on the Oracle Cloud Free Tier. The relevant offer:
Arm-based Ampere A1 cores and 24 GB of memory usable as 1 VM or up to 4 VMs with 3,000 OCPU hours and 18,000 GB hours per month.
3,000 OCPU hours per month gives you 4 always-on OCPUs. I split that into a small cluster: a secutils-prod node (2 OCPUs, 12 GB RAM), a secutils-dev node (1 OCPU, 8 GB RAM), and a tiny secutils-qa node (1 OCPU, 4 GB RAM). All ARM, all linux/arm64, which suits the Rust API and the Node.js Retrack scraper equally well.
The free tier also covers unlimited inbound traffic and 10 TB of outbound traffic per month. Set up budget alerts so you notice immediately if anything starts running outside the free allowances.
Monitoring
Cost: 0€ / month
Vendor: Elastic (self-hosted)
I run Elasticsearch, Kibana, Filebeat, and Metricbeat inside the same Kubernetes cluster, deployed via Elastic Cloud on Kubernetes (ECK) under the Basic license. An index lifecycle policy keeps the on-disk footprint bounded by rolling over and deleting older indices.
For the structured-logging detail (the API switched to the tracing crate), see "Privacy-friendly usage analytics and monitoring".
Analytics
Cost: 0€ / month
Vendor: Plausible (self-hosted)
Plausible Analytics handles privacy-friendly product analytics, also self-hosted on the same Kubernetes cluster. Plausible stores events in ClickHouse, which compresses analytics data so well that storage will not be a concern any time soon.
Database & backups
Cost: 0€ / month
Vendor: Self-hosted PostgreSQL 16, backups on Oracle Cloud Object Storage
PostgreSQL runs as a stateful set inside the cluster, backed by a block-volume PVC. Daily logical dumps (pg_dump) are pushed to Oracle Cloud Object Storage via the S3-compatible API. The 20 GB of Object Storage in the free tier is plenty for the current data volume.
The original SQLite + Litestream setup served the project well in 2023. PostgreSQL is the right call now that the data model has tags, tracker history, secrets, and per-user export/import to support.
Secret management
Cost: 0€ / month
Vendor: Oracle (Oracle Cloud Infrastructure)
Sensitive configuration (master keys, third-party API tokens, the Kratos JWT secret, etc.) lives in Oracle Cloud Vault, which is part of the free tier. HashiCorp Vault would also work, OCI Vault is just already there.
TLS certificates
Cost: 0€ / month
Vendor: Internet Security Research Group (Let's Encrypt)
Traefik with the Let's Encrypt provider issues and renews certificates for secutils.dev automatically. The .dev TLD is on the HSTS preload list, so HTTPS is enforced and a missed renewal would silently break the site. Automation is non-negotiable here.
Storage
Cost: 0€ / month
Vendor: Oracle (Oracle Cloud Infrastructure)
200 GB of block volume storage is included in the free tier, which is more than enough for the current PostgreSQL volume, image registry caches, and Elastic indices. The 20 GB of Object Storage holds backups.
Email hosting
Cost: 0€ / month
Vendor: Oracle (OCI Email Delivery) and Zoho Mail
Transactional email (account activation, password reset, tracker change notifications) goes through OCI Email Delivery, which allows up to 3,000 emails per day on the free tier. Identity-related emails are sent by Ory Kratos, product notifications come from the in-house Rust subsystem (see "Q3 2023 update - Notifications"). Both use SMTP via Lettre.
For personal mail from *@secutils.dev addresses, I use Zoho Mail's Forever Free Plan.
Marketing
Cost: 0€ / month
Vendor: Word of mouth, blog posts, niche communities
No paid ads, no influencer deals. I publish posts I believe people will find useful (this one included) and share them on my personal social channels and a few niche communities. The community has done a lot of the rest.
Conclusion
The total cost of running Secutils.dev in production is essentially the cost of the secutils.dev domain name: about 11.30€ per year, or roughly 0.94€ per month. That is where the post title comes from.
There are startup credit programs that would cover a much fancier setup for a year or two, but they all come with strings attached and expire. For a bootstrapped indie SaaS, free-forever tiers compose into a stack that doesn't suddenly become expensive when the credits run out.
Frequently asked questions
Could you really host this on a single VPS?
Yes. The Kubernetes cluster is more elaborate than the project actually needs. A single ARM VPS with Docker Compose would handle the current load comfortably. I run Kubernetes because I'm familiar with it and because Oracle's free tier supports it.
Will this stack survive growth?
Probably not in its exact shape, no. The PostgreSQL instance and Retrack scraper are the first components that would need vertical or horizontal scaling. At that point I'd happily start paying for managed PostgreSQL and dedicated scraper nodes. The point of the current setup is to keep the cost of "exists in production" as close to zero as possible.
What about CDN?
Static assets are served by the in-cluster NGINX containers. At the current request volume there is no benefit to fronting them with a CDN. If the site ever takes huge organic traffic, Cloudflare's free tier in front of secutils.dev would solve that overnight.
That wraps up today's post, thanks for taking the time to read it!
If you found this post helpful or interesting, please consider showing your support by starring secutils-dev/secutils GitHub repository. Also, feel free to follow me on Twitter, Mastodon, LinkedIn, Indie Hackers, or Dev Community.
Thank you for being a part of the community!