zester

Introduction

Zester is a SaltStack alternative built in pure Go, powered by NATS JetStream and nkeys.

Zester delivers infrastructure automation without the overhead: a single static binary, no Python runtime, no external database, no ZeroMQ. Same flavor family as Salt — sharper tool.

Why Zester?

Single Binary, Zero Dependencies

Ship one static Go binary to every node. No Python interpreter, no pip packages, no virtualenvs. Install in seconds, not minutes.

NATS JetStream Built In

Replace ZeroMQ with a production-grade message bus that gives you durable events, KV storage, object storage, and horizontal scaling out of the box.

Ed25519 nkey Authentication

Modern cryptography with a three-tier trust hierarchy (Operator, Account, User). No RSA key exchange. No AES session negotiation. TLS 1.3 everywhere.

Built for Scale

Fan out commands to 100k nodes in ~250ms. Facts stored in NATS KV — no full fan-out needed. NATS superclusters and leaf nodes replace Salt syndic chains.

Jinja2-Compatible Templating

State files use Gonja, a Jinja2-compatible template engine for Go. Your existing template knowledge transfers directly.

Drop-In Concepts for Salt Users

Minions become Peels. Grains become Facts. Pillars become Settings. Mine becomes Basket. The mental model stays the same — the implementation gets better.

Salt vs Zester at a Glance

| Feature | SaltStack | Zester |
|---|---|---|
| Language | Python | Go (single static binary) |
| Message Bus | ZeroMQ (custom protocol) | NATS JetStream (production-grade) |
| Authentication | RSA key exchange + AES | Ed25519 nkeys + TLS 1.3 |
| Scaling | Syndic hierarchy | NATS superclusters + leaf nodes |
| Fact Storage | In-memory on master | NATS KV (persistent, distributed) |
| Settings Delivery | Full render, encrypt, send | KV with per-peel subject isolation + NaCl |
| Event Persistence | None (fire-and-forget) | JetStream (durable, replayable) |
| Job Tracking | Master memory + optional returner | NATS KV (persistent, no external DB) |
| Deployment | pip install + dependencies | Single binary, zero dependencies |
| Templating | Jinja2 (Python) | Gonja (Jinja2-compatible, Go) |
| Multi-Region | Complex syndic chains | Native NATS gateways |

Naming Map

If you are coming from SaltStack, here is how concepts translate.

| SaltStack | Zester | Purpose |
|---|---|---|
| Master | Master | Central control plane |
| Minion | Peel | Managed node agent |
| Grains | Facts | Local system information collected by the peel |
| Pillars | Settings | Secure per-peel configuration from the master |
| Mine | Basket | Peel-to-peel data sharing |
| Beacons / Reactor | Beacons / Reactor | Event-driven automation — durable events, deduplicated reactions (guide) |
| Syndic | Leaf Node | Multi-tier / edge relay (NATS native) |
| Event Bus | NATS JetStream | Message bus with persistence |
| Salt Keys | nkeys | Ed25519 authentication |
| Jinja | Gonja | Jinja2-compatible Go template engine |
| States | States | Declarative desired-state definitions |
| Returner | (built-in) | JetStream KV replaces external returners |

Where to Go Next
