Agent Keeper
Tutorials

Deploy a Claude Code Cloud VM

Launch a hardened Ubuntu VM with Claude Code pre-installed, Agent Keeper security hooks pre-wired, and web terminal access — ready for your team in minutes.

What You Get

  • Claude Code CLI pre-installed globally with your Anthropic API key configured
  • Runtime Shield enforces security policies on every prompt and tool call via four hooks (UserPromptSubmit, PreToolUse, PostToolUse, SessionStart)
  • Web terminalvia console proxy — no SSH keys, no VPN, just click “Terminal”
  • Sandboxed user — Claude Code runs as a restricted claude user with limited sudo
  • Security scanningon schedule — continuous compliance monitoring in the dashboard
  • Full hardening — UFW firewall, fail2ban, SSH key-only, kernel hardening, disabled services

Prerequisites

1

Create an Agent Keeper account

Sign up at www.agentkeeper.dev/signup if you don't have an account yet.

2

Upgrade to Pro

Cloud VM deployment requires a paid plan (Pro, Team, or Enterprise). Go to Settings and click Upgrade to Pro.

3

Have your Anthropic API key ready

Claude Code VMs need an Anthropic API key. Get one from console.anthropic.com.

Team plans
On Team and Enterprise plans, your admin can configure an org-managed Anthropic key so developers don't need to bring their own.

Deploy the VM

4

Open the deploy wizard

Navigate to Hosts → Deploy or click the + Add Bot button and select Deploy Claude Code VM.

5

Select "Claude Code" then "Cloud VM"

In the deploy wizard, choose Claude Code as your deployment type, then select Cloud VM(not “Connect Workstations”).

6

Configure the instance

Choose a name, region, and instance size. Claude Code VMs require at least 4GB RAM (Medium plan, $40/mo). Paste your Anthropic API key.

CLAUDE.md
You can optionally provide a CLAUDE.md file with system instructions. This is written to ~/workspace/CLAUDE.md on the VM and Claude Code reads it automatically for project context.
7

Review and deploy

Review your configuration. Claude Code VMs include:

  • Runtime Shield always enabled
  • Sandboxed user with restricted permissions
  • SSH hardened (key-only, no root password)
  • UFW firewall, fail2ban, kernel hardening
  • Agent Keeper security scans on schedule
  • Web terminal via console proxy (ttyd)

Click Deploy. The dashboard shows real-time progress through each provisioning step (usually 3-5 minutes).

Use Your Claude Code VM

8

Open the web terminal

Once the status shows Ready, click the Terminal button on the instance detail page. A browser-based terminal opens with full access to your VM as the claude user.

9

Start using Claude Code

In the terminal, navigate to the workspace and start Claude Code:

cd ~/workspace
claude

Claude Code is pre-configured with your Anthropic API key and four Agent Keeper security hooks. Every prompt and tool call is evaluated by the Runtime Shield before execution. All prompts are logged to the threat feed.

10

Monitor from the dashboard

Your Claude Code VM reports scans automatically and shield events appear in real-time. The host detail page shows:

  • Overview— security score, shield status, scan history
  • Checks— detailed pass/fail results from each scan
  • Monitoring— shield events, blocked threats, audit trail
Connecting a git repo
You can clone any repository into ~/workspace via the web terminal. Claude Code will pick up the CLAUDE.md file and any .claude/settings.json in the repo root.

Automate these checks with Agent Keeper

One setup flow connects your agent fleet and starts enforcing policy.