A CloudRadial AutomationAI runner is designed so that the platform never reaches into your environment and you keep control of its credentials. This article describes the trust model: the outbound-only posture, signed check-ins, how the secret is held, managed-identity access, and revocation. It is for the technician operating a runner.
- Outbound-Only by Design
- Signed Check-Ins
- The Secret Stays With You
- Managed-Identity Access
- Revocation
Outbound-Only by Design
The runner has no public ingress. AutomationAI's control plane never connects in to the runner; instead, the runner connects out to the control plane on its poll schedule. There is no broker, and there are no shared-access tokens. Your firewall never has to open an inbound path, and the runner exposes no listener to the internet, so its internet-facing exposure is limited to the outbound connections it initiates itself.
Signed Check-Ins
Every check-in the runner sends is signed so the control plane can verify it came from the registered runner and was not tampered with. Each request carries the runner identity, a timestamp, a one-time nonce, and an HMAC-SHA256 signature computed over a canonical form of the request. The control plane recomputes the signature and rejects anything that does not match. The timestamp bounds how long a captured request remains acceptable, and the nonce ensures that a request is accepted at most once inside that window, so a replayed check-in is rejected even if the signature is valid.
The Secret Stays With You
The runner secret is held by you and stored only in the runner's own Azure Key Vault. The control plane never stores the plaintext secret; it keeps only a one-way hash of it, alongside the runner's registered identity and the health history the runner reports. That stored hash is what the control plane uses to verify the runner's signatures. Because only the hash is stored server-side, the secret you entered cannot be read back from the platform; if you lose it, you rotate it by re-installing with a new value. One practical consequence: an HMAC verifier needs the same key the signer used, so the stored hash is itself the verification key. Hashing protects the value you typed in from being recovered, but the stored hash still deserves the same handling as any other key material.
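The check-in and verification flow described in the two sections above, as an added example that is not part of this article or of CloudRadial's own code. Everything below is an assumption for illustration: the field names, the canonical form (sorted-key JSON without whitespace), a five-minute timestamp window, and the choice to use SHA-256 of the secret as the HMAC key on both sides, which is one way the control plane can keep only a hash of the secret and still recompute the signature. It also shows the replay checks (stale timestamp, repeated nonce) and a tampered body being rejected.

```python
from __future__ import annotations

import hashlib
import hmac
import json
import secrets
import time

# Assumed acceptance window for the timestamp, in seconds.
TIMESTAMP_WINDOW_SECONDS = 300


def derive_key(runner_secret: str) -> bytes:
    """Both sides use SHA-256 of the secret as the HMAC key (assumed scheme), so the
    control plane can store only this one-way hash and still verify signatures."""
    return hashlib.sha256(runner_secret.encode("utf-8")).digest()


def canonical_form(runner_id: str, timestamp: int, nonce: str, body: dict) -> bytes:
    """Deterministic byte string covered by the signature: every field the verifier
    must trust, serialised with sorted keys and no whitespace (assumed format)."""
    payload = {"runner_id": runner_id, "timestamp": timestamp, "nonce": nonce, "body": body}
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_checkin(runner_id: str, runner_secret: str, body: dict, now: int | None = None) -> dict:
    """Runner side: build a check-in carrying identity, timestamp, one-time nonce and HMAC."""
    timestamp = int(time.time()) if now is None else now
    nonce = secrets.token_hex(16)
    mac = hmac.new(derive_key(runner_secret),
                   canonical_form(runner_id, timestamp, nonce, body), hashlib.sha256)
    return {"runner_id": runner_id, "timestamp": timestamp, "nonce": nonce,
            "body": body, "signature": mac.hexdigest()}


class ControlPlane:
    """Control-plane side: holds only the derived key per registered runner, recomputes
    the HMAC, and enforces the timestamp window and the one-time nonce."""

    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}            # runner_id -> SHA-256(secret)
        self._seen_nonces: dict[str, set[str]] = {}  # runner_id -> nonces accepted in window

    def register(self, runner_id: str, runner_secret: str) -> None:
        # The plaintext secret is used once to derive the key and is not retained.
        self._keys[runner_id] = derive_key(runner_secret)
        self._seen_nonces[runner_id] = set()

    def verify(self, request: dict, now: int | None = None) -> tuple[bool, str]:
        now = int(time.time()) if now is None else now
        runner_id = request.get("runner_id", "")
        key = self._keys.get(runner_id)
        if key is None:
            return False, "unknown runner"
        # Reject anything outside the window before doing any more work.
        if abs(now - int(request["timestamp"])) > TIMESTAMP_WINDOW_SECONDS:
            return False, "timestamp outside window"
        expected = hmac.new(key, canonical_form(runner_id, request["timestamp"],
                                                request["nonce"], request["body"]),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison; signature is checked before the nonce is recorded so
        # an unauthenticated sender cannot fill the replay cache.
        if not hmac.compare_digest(expected, request["signature"]):
            return False, "bad signature"
        seen = self._seen_nonces[runner_id]
        if request["nonce"] in seen:
            return False, "replayed nonce"
        seen.add(request["nonce"])  # in a real service, evict nonces older than the window
        return True, "ok"


if __name__ == "__main__":
    cp = ControlPlane()
    cp.register("runner-01", "example-secret")  # constructed registration
    req = sign_checkin("runner-01", "example-secret", {"status": "healthy"})
    print(cp.verify(req))   # (True, 'ok')
    print(cp.verify(req))   # (False, 'replayed nonce')
```

The order of checks matters: the timestamp and signature are validated before the nonce is stored, so only authenticated requests consume entries in the replay cache, and the cache only needs to remember nonces for the length of the timestamp window.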
Managed-Identity Access
Each runner Function App has a system-assigned managed identity, granted least-privilege roles on the resources it needs: reading the runner secret from Key Vault, invoking the bundled Foundry account, and using its runtime storage account. There are no resource keys or connection-string secrets to manage for these — access is governed entirely by the managed identity and Azure role assignments in your subscription.
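A check a technician can run against the role assignments of the runner's managed identity, as an added example that is not part of this article or of CloudRadial's tooling. The input is in the shape of `az role assignment list --assignee <principalId> --all -o json`; the sample below is constructed, the subscription and resource names are placeholders, and the allowlist of role names and resource types is an assumption about what least privilege looks like for the resources this section names (the article itself does not list the role names). The audit flags any role outside the allowlist, any assignment whose scope is broader than a single resource, and any allowlisted role attached to the wrong resource type.

```python
from __future__ import annotations

import json

# Constructed sample in the shape of `az role assignment list --assignee <id> --all -o json`.
# The third entry is a deliberate over-grant so the audit has something to flag.
SAMPLE_ASSIGNMENTS = json.loads("""
[
  {"roleDefinitionName": "Key Vault Secrets User",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-runner/providers/Microsoft.KeyVault/vaults/kv-runner",
   "principalType": "ServicePrincipal"},
  {"roleDefinitionName": "Storage Blob Data Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-runner/providers/Microsoft.Storage/storageAccounts/strunner",
   "principalType": "ServicePrincipal"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000",
   "principalType": "ServicePrincipal"}
]
""")

# Assumed allowlist: role name -> resource type it may be granted on. Extend this with the
# role your Foundry account actually requires; the article does not name it.
ALLOWED_ROLES = {
    "Key Vault Secrets User": "Microsoft.KeyVault/vaults",
    "Storage Blob Data Contributor": "Microsoft.Storage/storageAccounts",
}


def resource_type(scope: str) -> str | None:
    """Return 'Namespace/type' for a resource-level scope, or None for
    subscription- or resource-group-level scopes."""
    marker = "/providers/"
    if marker not in scope:
        return None
    tail = scope.split(marker, 1)[1]           # e.g. Microsoft.KeyVault/vaults/kv-runner
    parts = tail.split("/")
    return "/".join(parts[:2]) if len(parts) >= 3 else None


def audit(assignments: list[dict], allowed: dict[str, str] = ALLOWED_ROLES) -> list[tuple[str, str, str]]:
    """Return (role, scope, reason) for every assignment that is not least privilege."""
    findings = []
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        rtype = resource_type(scope)
        if role not in allowed:
            findings.append((role, scope, "role not in allowlist"))
        elif rtype is None:
            findings.append((role, scope, "scope is broader than a single resource"))
        elif rtype != allowed[role]:
            findings.append((role, scope, f"role expected on {allowed[role]}, found on {rtype}"))
    return findings


if __name__ == "__main__":
    for role, scope, reason in audit(SAMPLE_ASSIGNMENTS):
        print(f"FLAG {role} @ {scope}: {reason}")
```

Run it against the real output of `az role assignment list` for the Function App's principal ID after every install or role change; the expected result is an empty list, and anything else is a grant the runner did not need.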
Revocation
You can revoke a runner from the Runners page. After revocation, the next time the runner polls, the control plane responds with HTTP 410 Gone; the runner then records a durable retirement marker, stops polling, and short-circuits on every later tick without making any further calls. Revocation is therefore enforced on the runner's own next check-in rather than by reaching into your environment, which also means it takes effect only once the runner polls again. A revoked runner is not reactivated: to resume work after revoking, register and install a fresh runner.
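The runner-side behaviour described above as a small simulation, added here as an example that is not part of this article or of CloudRadial's runner code. The `Runner` and `FakeControlPlane` classes, the marker-file name and the tick return values are assumptions for illustration. The point it shows is that the retirement marker is written durably (to a file, atomically) and is consulted before any network call, so a runner that has seen a 410 stays quiet across later ticks and across a restart.

```python
from __future__ import annotations

import os
import tempfile
import time
from dataclasses import dataclass

# Assumed name of the durable retirement marker inside the runner's state directory.
RETIREMENT_MARKER = "runner.retired"


@dataclass
class FakeControlPlane:
    """Stand-in for the control plane: answers 200 until revoked, 410 afterwards,
    and counts every call so we can prove the runner goes quiet."""
    revoked: bool = False
    calls: int = 0

    def poll(self, runner_id: str) -> int:
        self.calls += 1
        return 410 if self.revoked else 200


class Runner:
    """Simulated runner tick loop (assumed structure, not the product's code)."""

    def __init__(self, runner_id: str, control_plane: FakeControlPlane, state_dir: str) -> None:
        self._id = runner_id
        self._cp = control_plane
        self._marker = os.path.join(state_dir, RETIREMENT_MARKER)

    def retired(self) -> bool:
        return os.path.exists(self._marker)

    def _write_marker(self) -> None:
        # Write to a temp file and rename so the marker is either fully present or absent,
        # even if the process dies mid-write.
        tmp = self._marker + ".tmp"
        with open(tmp, "w", encoding="utf-8") as fh:
            fh.write(f"revoked at {int(time.time())}\n")
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, self._marker)

    def tick(self) -> str:
        # Short-circuit before touching the network if we have already been revoked.
        if self.retired():
            return "retired"
        status = self._cp.poll(self._id)
        if status == 410:
            self._write_marker()
            return "revoked"
        return "polled"


def simulate() -> dict:
    """Run a runner through two normal ticks, a revocation, and a restart; return what happened."""
    with tempfile.TemporaryDirectory() as state_dir:
        cp = FakeControlPlane()
        runner = Runner("runner-01", cp, state_dir)
        ticks = [runner.tick(), runner.tick()]   # normal polling
        cp.revoked = True                        # operator revokes on the Runners page
        ticks.append(runner.tick())              # next poll sees 410, marker written
        ticks += [runner.tick(), runner.tick()]  # no further calls
        restarted = Runner("runner-01", cp, state_dir)  # simulate a process restart
        ticks.append(restarted.tick())           # marker survives, still no call
        return {"ticks": ticks, "control_plane_calls": cp.calls}


if __name__ == "__main__":
    print(simulate())
```

The control plane is called exactly three times in the simulation: twice while active and once to receive the 410. Every tick after that, including the first tick of the restarted instance, returns without a network call because the marker check runs first.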