Originally published at orquesta.live/blog/collaborate-safely-without-sharing-ssh-access-or-keys
The traditional model of collaboration often hinges on direct access—think SSH keys and shell access—posing potential security risks. With Orquesta, we've created a new model, allowing others to contribute without compromising on security.
The Problem with Traditional Methods
Allowing someone into your environment typically means sharing keys or granting shell access. This approach has multiple inherent risks:
- Security Exposure: Sharing SSH keys means exposing sensitive access.
- Infrastructure Impact: Direct shell access can lead to unintended changes.
- Management Overhead: Revoking access or rotating keys requires additional effort.
In response to these challenges, we designed Orquesta to facilitate a secure and efficient way to collaborate.
The Orquesta Model: Controlled and Secure Access
With Orquesta, the process is radically different:
- Install the Agent: You install the Orquesta agent on your local machine. This agent acts as the intermediary between your infrastructure and the collaborators.
- Invite Collaborators: Simply invite team members to submit prompts via the Orquesta dashboard. They never see your keys or the internal workings of your systems.
- Submit Prompts: Collaborators submit their tasks as prompts. These prompts are processed by your local AI agent, which can run in different execution modes—ideal for various scenarios.
How It Works
Agent Installation: Start by installing the Orquesta agent on your local system. This agent will run the necessary processes, ensuring that code execution remains within your infrastructure.
Role-Based Permissions: Assign roles to collaborators. Define what actions they can initiate, whether it’s viewing logs, submitting prompts, or reviewing code.
Prompt Submission: Collaborators use the dashboard to submit prompts. The local agent processes these prompts, running simulations and executing commands without exposing the underlying infrastructure.
Real-Time Monitoring: Use the Agent Grid to monitor all activities in real-time. Every action and result is visible, ensuring you maintain control over what happens within your environment.
```bash
# Example of installing the Orquesta agent
git clone https://github.com/orquesta/orquesta-agent.git
cd orquesta-agent
# Review install.sh before running it; it runs with your user's privileges
./install.sh
```
Execution Modes for Flexibility
Orquesta supports four execution modes, each suited to different needs:
- Auto: The AI intelligently selects the most suitable mode based on the prompt's context.
- SSH: Direct command execution for specific, straightforward tasks.
- Agent: Uses Claude CLI to interpret and execute complex instructions.
- Batuta: Engages in a loop of autonomous execution, ideal for iterative tasks.
Security Ensured Through Advanced Features
- Encryption: All interactions are encrypted with AES-256, ensuring that data remains secure.
- Audit Trail: Every action leaves a digital footprint, with logs, diffs, and costs recorded for compliance and review.
- Quality Gates: Before any code is pushed live, it undergoes simulation and requires a team lead's approval.
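A minimal sketch of the controls described above (role-based permissions, the simulate-then-approve quality gate, and the audit trail), added here as an example; it is not Orquesta's code. The role names, the `Gate` class, the ban on self-approval and the hash-chained log are assumptions for illustration.

```python
import hashlib
import json

# Hypothetical role names; the page lists the actions but not the roles.
ROLE_ACTIONS = {
    "viewer": {"view_logs"},
    "contributor": {"view_logs", "submit_prompt"},
    "lead": {"view_logs", "submit_prompt", "review_code", "approve"},
}

def _digest(entry):
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class Gate:
    def __init__(self, roles):
        self.roles, self.log, self.jobs = roles, [], {}

    def _record(self, actor, action, allowed):
        # Each entry commits to the previous hash, so edits and deletions show up.
        prev = self.log[-1]["hash"] if self.log else "0" * 64
        entry = {"actor": actor, "action": action, "allowed": allowed, "prev": prev}
        self.log.append({**entry, "hash": _digest(entry)})
        return allowed

    def _can(self, actor, action):
        return action in ROLE_ACTIONS.get(self.roles.get(actor), set())

    def submit(self, actor, prompt):
        if not self._record(actor, "submit_prompt", self._can(actor, "submit_prompt")):
            return None
        self.jobs[len(self.jobs) + 1] = {"author": actor, "prompt": prompt, "state": "submitted"}
        return len(self.jobs)

    def simulate(self, job_id):  # stand-in for the agent's dry run
        self.jobs[job_id]["state"] = "simulated"
        return self._record("agent", "simulate", True)

    def approve(self, actor, job_id):
        job = self.jobs[job_id]
        # Assumed separation of duties: the author cannot approve their own job.
        ok = (self._can(actor, "approve") and job["state"] == "simulated"
              and job["author"] != actor)
        job["state"] = "approved" if ok else job["state"]
        return self._record(actor, "approve", ok)

    def verify_log(self):
        prevs = ["0" * 64] + [e["hash"] for e in self.log]
        return all(e["prev"] == p and e["hash"] == _digest(e) for e, p in zip(self.log, prevs))
```

Denied attempts are logged alongside allowed ones, so the trail shows who tried an action they were not permitted to take.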
Real-World Use Case
Consider a development team working on a new feature. By using Orquesta, a contributor can submit a prompt for a new function addition. The local agent processes the prompt, reviews the changes for compliance with CLAUDE.md standards, and simulates execution. The team lead then reviews and approves the changes before deployment.
Conclusion
Orquesta offers a means to collaborate securely without compromising your environment's integrity. By eliminating the need for direct SSH or key sharing, we ensure that your infrastructure remains protected while enabling efficient and effective teamwork. The model shifts the focus from access management to collaboration and innovation.