Get started

What are you building?

Choose your path. The setup is completely different for each.

βš™οΈ

Automated pipelines

GitHub Actions, CI/CD, scheduled jobs. PR-anchored sessions with OIDC auth.

πŸ€–

AI agents

Claude Code, Cursor, or any agent that makes tool calls. Real-time approvals.

Step 1 of 4 Β· AI Agent path

Connect REMIT to your agent

Add your MCP endpoint to Claude Code. Everything else depends on this being live.

Your MCP endpoint:

https://remit-community.keyflux.io/mcp/sse?key=rmit_7xK9mN2pQw4vLr

In Claude Code: Settings β†’ MCP Servers β†’ Add server β†’ paste the URL above.

Waiting for an active connection…
No skip button here. If the connection isn't working, the capability setup will silently fail and you won't know why.
Step 2 of 4 Β· AI Agent path

What does your agent need to access?

Select everything that applies. You can add more later.

βœ“
πŸ–₯️

SSH / VPS

Connect to servers via opkssh

Community
βœ“
☸️

Kubernetes

Deploy, scale, restart pods

Community
βœ“
πŸ—„οΈ

Database

PostgreSQL or MySQL β€” JIT credentials

Pro
☁️

AWS

STS credentials scoped per session

Coming soon
🌐

Cloudflare

Workers, DNS, R2

Coming soon
πŸ”—

Tailscale

Ephemeral auth keys

Coming soon
Step 3 of 4 Β· SSH setup

Set up SSH access

1
Install opkssh
2
Add your VPS
3
Test connection

Run this on your server once:

curl -sSL https://get.opkssh.io | sh
opkssh configure --oidc-issuer https://remit-community.keyflux.io/oidc --principal deploy

This adds REMIT as a trusted OIDC issuer in your sshd_config. You only do this once per host.

View full setup guide β†’
Step 3 of 4 Β· SSH setup

Set up SSH access

βœ“
Install opkssh
2
Add your VPS
3
Test connection

The name is how you'll reference this host in policies: ssh:my-vps:exec

Step 3 of 4 Β· SSH setup

Set up SSH access

βœ“
Install opkssh
βœ“
Add your VPS
3
Test connection
βœ“ OIDC issuer reachable at remit-community.keyflux.io/oidc
βœ“ opkssh responding on my-vps.example.com
βœ“ Test certificate issued and accepted β€” principal deploy, TTL 60s
βœ“ my-vps is connected. REMIT can issue SSH certificates for this host.
Step 3 of 4 Β· Policy

Your policy

Generated from your setup. Good defaults β€” edit anytime.

βœ“
Connect
βœ“
SSH
βœ“
K8s
4
Policy
5
Test

workspace: my-startup Β· saved as remit.yaml

ssh:my-vps:exec β†’ require your approval
ssh:my-vps:read β†’ auto-approved
k8s:staging/*:* β†’ auto-approved
k8s:production/*:* β†’ require your approval
k8s:*/secrets/*:* β†’ always denied

Staging is auto-approved. Production requires your click. Secrets are blocked permanently.

Step 4 of 4 Β· Try it

Ask Claude to use REMIT

Copy this into Claude Code and watch the audit trail update in real time.

βœ“
Connect
βœ“
SSH
βœ“
K8s
βœ“
Policy
5
Test
"Use REMIT to SSH into my-vps and check what's running on port 80."
⚠ Approval required Claude is requesting SSH exec access to my-vps as deploy. This will open a live session.
Live audit trail
10:42:01approval claude requested ssh:my-vps:exec β€” pending
10:42:04approval you approved ssh:my-vps:exec
waiting for session...
Done

You're set up.

βœ“

Session completed successfully

Certificate issued Β· private key never left the sandbox Β· session closed

1
session completed
1
credential issued
0
policy violations
Audit trail
10:42:01approval claude requested ssh:my-vps:exec
10:42:04approval you approved ssh:my-vps:exec
10:42:04session opened Β· host=my-vps Β· principal=deploy Β· ttl=300s
10:42:04cred issued Β· cert signed Β· key generated in sandbox
10:42:17session closed Β· cert expired Β· 0 policy violations