← Back to Ideas

Remote Execution via PKI

Bundle a script and policy together, sign it with the service owner's key, and deliver it over any transport. The instance verifies the signature before executing.

This approach removes the dependency on any specific cloud service. The trust anchor is the PKI signing infrastructure — only artifacts signed by the service owner's private key are accepted. The transport is irrelevant: SSH, HTTP, SQS, or a USB stick all work the same way.

PKI-Signed Bundle Execution Caller (untrusted actor) submits script SERVICE OWNER'S SIGNING SYSTEM Review and Sign {script + policy} → signed bundle Service owner controls the signing key produces Signed Bundle delivered to host (any transport) Managed Instance ON THE MANAGED INSTANCE 1. Verify signature against trusted public key 2. Extract bundle script.rhai + policy.cedar 3. Run Rex rex-runner -s ... -p ... If the signature is invalid or the key is untrusted, the script is rejected before execution.

The service owner controls what can execute on their instances by controlling the signing key. The caller may provide a script, a policy, or both — but it's up to the service owner's signing system to decide what gets signed. The instance only accepts bundles with a valid signature from a trusted key.

What This Looks Like

1. Service owner creates and signs a bundle
# Create the bundle
tar czf bundle.tar.gz script.rhai policy.cedar

# Sign it with the service owner's private key
openssl dgst -sha256 -sign private.pem \
  -out bundle.sig bundle.tar.gz

The bundle contains both the script and the Cedar policy. The signature covers both — neither can be tampered with.

2. Deliver over any transport
# Via SSH
scp bundle.tar.gz bundle.sig instance:/tmp/rex/

# Via HTTP
curl -X POST https://instance:8443/execute \
  -F bundle=@bundle.tar.gz -F sig=@bundle.sig

# Cloud object stores (S3, Azure Blob, GCS) or message queues
# work equally well — the signature is what establishes trust.
aws s3 cp bundle.tar.gz s3://rex-bundles/
aws s3 cp bundle.sig s3://rex-bundles/

The transport doesn't matter — the signature is what establishes trust.

3. Agent on the instance verifies and runs
#!/bin/bash
# Verify the signature against the trusted public key
openssl dgst -sha256 -verify /etc/rex/trusted.pem \
  -signature bundle.sig bundle.tar.gz

if [ $? -ne 0 ]; then
  echo "Signature verification failed — rejecting bundle"
  exit 1
fi

# Extract and run
tar xzf bundle.tar.gz -C /tmp/rex-exec/
rex-runner \
  -s /tmp/rex-exec/script.rhai \
  -p /tmp/rex-exec/policy.cedar

The public key (/etc/rex/trusted.pem) is deployed to the instance by the service owner. Only bundles signed with the matching private key are accepted.