How-to
Use AxiNode without storing credentials
Follow this flow to onboard agents, run commands, and get telemetry/audit visibility — all without SSH/RDP secrets or inbound firewall rules.
Step-by-step
Install the agent
Deploy the lightweight binary on Windows or Linux. No inbound ports are opened.
Enroll with a bootstrap token
Generate a short-lived token in the dashboard/CLI; the agent binds to the server and tenant, then gets mTLS.
Sign and dispatch commands
UI/CLI/REST produce signed envelopes with policy, TTL, and nonce; agents pull outbound.
Verify & execute
Agent validates signature + target binding, executes with least privilege, and sandboxes scripts.
Observe telemetry & audit
Live CPU/memory/latency plus append-only audit with correlation IDs across UI/CLI/API.
CLI
$ axinode auth login --token $AXINODE_TOKEN $ axinode agents bootstrap create --server win-iis-01 TOKEN=agt_boot_01H8... $ axinode agent register --token $TOKEN --url https://api.axinode.com $ axinode servers list --env production --json
Token shown once; stored hashed. Outbound-only mTLS for agents.
REST API
POST /api/v1/servers/{id}/commands
{
"type": "RestartService",
"payload": { "serviceName": "W3SVC" },
"timeoutSeconds": 120
}Responses use ProblemDetails with correlationId. Agents verify signature and target binding.
What you get
- Zero credentials stored; no inbound ports or VPNs.
- Signed envelopes with TTL/nonce/policy; outbound-only agents validate before execution.
- Unified audit with correlation IDs; telemetry streamed over gRPC.