Security at HostSSH isn't a feature bolted on — it's the architecture. Images are encrypted before they leave the host, they land in storage you own, and the whole design assumes you should be able to walk away with everything at any moment.
Every image is sealed on the host with a key derived from your passphrase before a single byte leaves the machine. Authenticated encryption protects both confidentiality and integrity, so a tampered or truncated image is rejected at restore.
We never see the passphrase and never store it. Lose it and even we can't open your backups — which is exactly the point.
Your images live in your bucket — R2, S3, MinIO, B2, Wasabi, SFTP or local disk. HostSSH writes already-encrypted blobs there; the control plane is zero-knowledge about their contents and holds no copy of your data.
Restores read straight from your bucket, so there's no egress through us and nothing to hold hostage. Revoke our credentials and your backups are still right where you put them.
Entitlements are carried in ed25519-signed license tokens the agent verifies locally against a public key. There's no phone-home dependency to gate features, so an agent keeps working through a network blip or an outage.
Crucially, license state never gates recovery: even an expired license can perform an emergency restore. Your ability to get your data back is not for sale and not revocable.
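A sketch of how offline license checking with an ungated restore path can look, added here as an illustration and not taken from HostSSH's agent. The token layout (base64url JSON body, a dot, base64url signature), the `Claims` fields, the action names and all function names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)
var b64 = base64.RawURLEncoding

// Claims is a hypothetical license payload; the real token format is not given on the page.
type Claims struct {
	Features map[string]bool `json:"features"`
	Expires  int64           `json:"exp"` // Unix seconds
}

// Sign stands in for the vendor side and exists only to build constructed sample tokens.
func Sign(priv ed25519.PrivateKey, c Claims) string {
	body, _ := json.Marshal(c)
	return b64.EncodeToString(body) + "." + b64.EncodeToString(ed25519.Sign(priv, body))
}

// Verify checks the signature against the pinned public key with no network call.
func Verify(pub ed25519.PublicKey, token string) (c Claims, err error) {
	p, s, _ := strings.Cut(token, ".")
	body, err1 := b64.DecodeString(p)
	sig, err2 := b64.DecodeString(s)
	if err1 != nil || err2 != nil || !ed25519.Verify(pub, body, sig) {
		return c, fmt.Errorf("license token rejected")
	}
	err = json.Unmarshal(body, &c)
	return c, err
}

// Allowed gates features on a valid, unexpired token; restore is decided before the license is read.
func Allowed(pub ed25519.PublicKey, token, action string, now time.Time) bool {
	if action == "restore" {
		return true
	}
	c, err := Verify(pub, token)
	return err == nil && now.Unix() < c.Expires && c.Features[action]
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	tok := Sign(priv, Claims{Features: map[string]bool{"deploy": true}, Expires: 1}) // constructed, long expired
	fmt.Println(Allowed(pub, tok, "deploy", time.Now()), Allowed(pub, tok, "restore", time.Now()))
}
```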
Access to the control plane is governed by role-based access control — owner, admin and user roles scope who can deploy, provision, restore or relocate — with multi-factor authentication on accounts.
The MCP and CLI ride the same authorization path as the web console, so an AI agent or a script can never exceed the permissions of the identity behind it. No privileged side door.
Every consequential action — a deploy, a provision, a backup, a restore-drill, a migration, a role change — is written to an append-only audit log with who, what, when and from where.
It's the same record whether the action came from a person at the console, the CLI, or an AI agent over MCP — one timeline you can actually trust for review and incident response.
The whole system is built around one promise: your data can never be held hostage — not by us, not by a cloud provider, not by an expired invoice.
Your backups sit in your own bucket, encrypted with your own passphrase, in a portable format you can restore with the open agent. Cancel any time and walk away with a one-command-restorable copy of your entire fleet. Your data, your bucket, your exit — always.
HostSSH is in private build on a real production fleet. Get on the early-access list and put your servers somewhere they can never be held hostage.