diff --git a/.github/scripts/aws-delete-ci-resources.sh b/.github/scripts/aws-delete-ci-resources.sh
index d2aab90f..01a0c522 100644
--- a/.github/scripts/aws-delete-ci-resources.sh
+++ b/.github/scripts/aws-delete-ci-resources.sh
@@ -9,12 +9,20 @@ REGION="eu-west-1"
 instance_ids=$(aws ec2 describe-instances --query 'Reservations[].Instances[].InstanceId' --region "$REGION" --output text)
 # Loop through each instance ID and terminate it
 for instance_id in $instance_ids; do
- echo "Listing instance: $instance_name ($instance_id)"
 instance_name=$(aws ec2 describe-tags --filters "Name=resource-id,Values=$instance_id" "Name=key,Values=Name" --region "$REGION" --output=text | cut -f5)
+ echo "Listing instance: $instance_name ($instance_id)"
 if [[ $instance_name == *"packer"* ]] || [[ $instance_name == *"gh-ci"* ]]; then
 echo "--> Terminating instance: $instance_name ($instance_id)"
 aws ec2 terminate-instances --instance-ids "$instance_id" --region "$REGION"
 fi
+
+ # Get SSH key name
+ ssh_key_name=$(aws ec2 describe-instances --instance-ids "$instance_id" --query 'Reservations[].Instances[].KeyName' --region "$REGION" --output text)
+ echo "Listing SSH key: $ssh_key_name"
+ if [[ $ssh_key_name == *"packer"* ]]; then
+ echo "--> Terminating instance: $ssh_key_name ($instance_id)"
+ aws ec2 terminate-instances --instance-ids "$instance_id" --region "$REGION"
+ fi
 done

 # List all EBS volume IDs and extract their IDs
diff --git a/.github/scripts/azure-new-instance.sh b/.github/scripts/azure-new-instance.sh
index fab55af4..912520f6 100755
--- a/.github/scripts/azure-new-instance.sh
+++ b/.github/scripts/azure-new-instance.sh
@@ -53,3 +53,6 @@ else
 fi

 az vm open-port -g packer-snp -n "$NAME" --priority 100 --port 5555,443,22
+
+HOST=$(az vm show -d -g packer-snp -n "$NAME" --query publicIps -o tsv)
+echo "$HOST"
diff --git a/.github/workflows/aws_base_main.yml b/.github/workflows/aws_base_main.yml
index ee98edfa..10b26912 100644
--- a/.github/workflows/aws_base_main.yml
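Review bot: The new SSH-key block can issue `terminate-instances` a second time for an instance the name check just terminated, and its log line `echo "--> Terminating instance: $ssh_key_name ($instance_id)"` prints the key name where the instance name belongs. Fetching `ssh_key_name` before the existing `if` and folding it into that condition removes the duplicate call and the misleading message; the enclosing `for` loop is otherwise untouched. The extra `describe-instances` round trip per instance could also go away by selecting `[InstanceId,KeyName]` in the initial query, but that changes the loop header outside this hunk. An instance launched without a key pair yields `None` in text output, which simply fails the substring match.
```shell
  instance_name=$(aws ec2 describe-tags --filters "Name=resource-id,Values=$instance_id" "Name=key,Values=Name" --region "$REGION" --output=text | cut -f5)
  # Packer-built instances are also recognisable by their packer-generated key pair
  ssh_key_name=$(aws ec2 describe-instances --instance-ids "$instance_id" --query 'Reservations[].Instances[].KeyName' --region "$REGION" --output text)
  echo "Listing instance: $instance_name ($instance_id), SSH key: $ssh_key_name"
  if [[ $instance_name == *"packer"* || $instance_name == *"gh-ci"* || $ssh_key_name == *"packer"* ]]; then
    echo "--> Terminating instance: $instance_name ($instance_id)"
    aws ec2 terminate-instances --instance-ids "$instance_id" --region "$REGION"
  fi
```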
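Review bot: The new `HOST=$(az vm show ...)` assignment is never checked, so if `az vm show` fails or the VM has no public IP yet the script ends with `echo "$HOST"` printing an empty line and whatever consumes that output receives an empty host. Guard it before the echo: `[[ -n "$HOST" ]] || { echo "no public IP found for $NAME" >&2; exit 1; }`. Whether the script runs under `set -e` is outside the hunk, and even then a successful query that returns nothing would pass silently.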
+++ b/.github/workflows/aws_base_main.yml @@ -22,4 +22,4 @@ jobs: techno: sev distrib: ${{ matrix.distrib }} product: ${{ matrix.product }} - base-version: 0.1.4 + base-version: 0.1.5 diff --git a/.github/workflows/aws_main.yml b/.github/workflows/aws_main.yml index 9342cdd3..365e381a 100644 --- a/.github/workflows/aws_main.yml +++ b/.github/workflows/aws_main.yml @@ -30,7 +30,7 @@ jobs: product: ${{ matrix.product }} kms-version: 4.16.0 ai-runner-version: 0.3.0 - base-version: 0.1.4 + base-version: 0.1.5 post-clean-resources: if: success() || cancelled() diff --git a/.github/workflows/azure_base_main.yml b/.github/workflows/azure_base_main.yml index 5c675c59..7f30de55 100644 --- a/.github/workflows/azure_base_main.yml +++ b/.github/workflows/azure_base_main.yml @@ -26,6 +26,6 @@ jobs: techno: ${{ matrix.techno }} distrib: ${{ matrix.distrib }} product: ${{ matrix.product }} - base-version: 0.1.4 + base-version: 0.1.5 kms-version: 0.0.0 ai-runner-version: 0.0.0 diff --git a/.github/workflows/azure_image.yml b/.github/workflows/azure_image.yml index 2f318f51..4c611a2a 100644 --- a/.github/workflows/azure_image.yml +++ b/.github/workflows/azure_image.yml @@ -136,7 +136,7 @@ jobs: COSMIAN_VM_VERSION="last_build/${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" export ANSIBLE_HOST_KEY_CHECKING=False - ansible-playbook ${{ inputs.product }}-playbook.yml -i ${IP_ADDR}, -u cosmian -e cosmian_vm_version=$COSMIAN_VM_VERSION -e cosmian_kms_version=${{ inputs.kms-version }} -e cosmian_ai_runner_version=${{ inputs.ai-runner-version }} --tags check-${{ inputs.product }} + ansible-playbook ${{ inputs.product }}-playbook.yml -i ${IP_ADDR}, -u cosmian -e cosmian_vm_version=$COSMIAN_VM_VERSION -e cosmian_kms_version=${{ inputs.kms-version }} -e cosmian_ai_runner_version=${{ inputs.ai-runner-version }} --tags check-${{ inputs.product }} --skip-tags role-cleanup - name: Stop and delete Azure instance if: success() || cancelled() 
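Review bot: The reason for appending `--skip-tags role-cleanup` to the check playbook invocation is recorded nowhere in the workflow, and the flag only has an effect if `${{ inputs.product }}-playbook.yml` actually reaches a task tagged `role-cleanup` (this commit defines that tag on the base-image packer play). A comment inside the `run:` block such as `# role-cleanup deletes every authorized_keys file; skipping it presumably keeps this step's SSH access to the instance` would let the intent survive the next refactor. If the product playbooks never include the cleanup role, the flag is dead and should be dropped rather than copied to the other cloud workflows.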
diff --git a/.github/workflows/gcp_base_main.yml b/.github/workflows/gcp_base_main.yml
index ed7733b3..0ccfbbe1 100644
--- a/.github/workflows/gcp_base_main.yml
+++ b/.github/workflows/gcp_base_main.yml
@@ -26,4 +26,4 @@ jobs:
 techno: ${{ matrix.techno }}
 distrib: ${{ matrix.distrib }}
 product: ${{ matrix.product }}
- base-version: 0.1.4
+ base-version: 0.1.5
diff --git a/.github/workflows/nightly_aws_main.yml b/.github/workflows/nightly_aws_main.yml
index 38b27a2e..365e6a95 100644
--- a/.github/workflows/nightly_aws_main.yml
+++ b/.github/workflows/nightly_aws_main.yml
@@ -35,7 +35,7 @@ jobs:
 product: ${{ matrix.product }}
 kms-version: 4.16.0
 ai-runner-version: 0.3.0
- base-version: 0.1.4
+ base-version: 0.1.5

 # Too many failures when rebooting EC2
 # ansible:
diff --git a/.github/workflows/nightly_azure_main.yml b/.github/workflows/nightly_azure_main.yml
index dba82d64..9f2e6ccb 100644
--- a/.github/workflows/nightly_azure_main.yml
+++ b/.github/workflows/nightly_azure_main.yml
@@ -37,7 +37,7 @@ jobs:
 product: ${{ matrix.product }}
 kms-version: 4.16.0
 ai-runner-version: 0.3.0
- base-version: 0.1.4
+ base-version: 0.1.5

 ansible:
 if: startsWith(github.ref, 'refs/tags/') != true
diff --git a/.github/workflows/nightly_gcp_main.yml b/.github/workflows/nightly_gcp_main.yml
index f2108960..d5390208 100644
--- a/.github/workflows/nightly_gcp_main.yml
+++ b/.github/workflows/nightly_gcp_main.yml
@@ -55,7 +55,7 @@ jobs:
 product: ${{ matrix.product }}
 kms-version: 4.16.0
 ai-runner-version: 0.3.0
- base-version: 0.1.4
+ base-version: 0.1.5

 ansible:
 if: startsWith(github.ref, 'refs/tags/') != true
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ab28bf86..f4da4e7c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,12 @@ All notable changes to this project will be documented in this file. +## [1.2.3] - 2024-06-15 + +### Bug Fixes + +- Upgrade base image to 0.1.5: clean all authorized_keys ([#139](https://github.com/Cosmian/cosmian_vm/pull/139)) + ## [1.2.2] - 2024-06-13 ### Bug Fixes diff --git a/Cargo.lock b/Cargo.lock index 5ed42e36..0e34451b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -966,7 +966,7 @@ checksum = "06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f" [[package]] name = "cosmian_certtool" -version = "1.2.2" +version = "1.2.3" dependencies = [ "acme-lib", "actix-files", @@ -985,7 +985,7 @@ dependencies = [ [[package]] name = "cosmian_vm" -version = "1.2.2" +version = "1.2.3" dependencies = [ "anyhow", "clap 4.5.4", @@ -1003,7 +1003,7 @@ dependencies = [ [[package]] name = "cosmian_vm_agent" -version = "1.2.2" +version = "1.2.3" dependencies = [ "actix-cors", "actix-http", @@ -1048,7 +1048,7 @@ dependencies = [ [[package]] name = "cosmian_vm_client" -version = "1.2.2" +version = "1.2.3" dependencies = [ "base64 0.22.1", "hex", @@ -1894,7 +1894,7 @@ dependencies = [ [[package]] name = "ima" -version = "1.2.2" +version = "1.2.3" dependencies = [ "bincode", "hex", diff --git a/Cargo.toml b/Cargo.toml index 17ee4d06..9fd17107 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -9,7 +9,7 @@ members = [ resolver = "2" [workspace.package] -version = "1.2.2" +version = "1.2.3" edition = "2021" license = "BUSL-1.1" license-file = "LICENSE" diff --git a/README.md b/README.md index aa053de4..84715fe1 100644 --- a/README.md +++ b/README.md 
@@ -46,13 +46,13 @@ Our client CLI [cosmian_vm](https://github.com/Cosmian/cosmian_vm/tree/main/crat - [Snapshot of the system](#snapshot-of-the-system) - [Verification of the remote instance](#verification-of-the-remote-instance) - [Cloud providers support](#cloud-providers-support) - - [Marketplace Image content](#marketplace-image-content) - - [Configuration file](#configuration-file) - - [First Cosmian VM launch](#first-cosmian-vm-launch) - - [Handle Cosmian VM status](#handle-cosmian-vm-status) - - [Usage](#usage) - - [Provide secrets without SSH access](#provide-secrets-without-ssh-access) -- [Other Cosmian Products base on Cosmian VM](#other-cosmian-products-base-on-cosmian-vm) + * [Marketplace Image content](#marketplace-image-content) + * [Configuration file](#configuration-file) + * [First Cosmian VM launch](#first-cosmian-vm-launch) + * [Handle Cosmian VM status](#handle-cosmian-vm-status) + * [Usage](#usage) + * [Provide secrets without SSH access](#provide-secrets-without-ssh-access) +- [Other Cosmian Products based on Cosmian VM](#other-cosmian-products-based-on-cosmian-vm) @@ -279,11 +279,12 @@ The `restart` subcommand can restart the application identified in `service_name cosmian_vm --url https://my_app.dev app restart ``` -## Other Cosmian Products base on Cosmian VM +## Other Cosmian Products based on Cosmian VM -| Cosmian VM | Cosmian KMS | Cosmian AI Runner | -| ---------- | ----------- | ----------------- | -| 1.2.2 | 4.16.0 | 0.3.0 | -| 1.2.1 | 4.16.0 | 0.3.0 | -| 1.2.0 | 4.16.0 | - | -| 1.1.2 | 4.15.0 | - | +| Base image | Cosmian VM | Cosmian KMS | Cosmian AI Runner | +| ---------- | ---------- | ----------- | ----------------- | +| 0.1.5 | 1.2.3 | 4.16.0 | 0.3.0 | +| 0.1.4 | 1.2.2 | 4.16.0 | 0.3.0 | +| 0.1.3 | 1.2.1 | 4.16.0 | 0.3.0 | +| | 1.2.0 | 4.16.0 | - | +| | 1.1.2 | 4.15.0 | - | diff --git a/ansible/README.md b/ansible/README.md index 4e724ce8..b78ba712 100644 --- a/ansible/README.md +++ b/ansible/README.md 
@@ -4,6 +4,10 @@ ### Changelog +## [0.1.5] - 2024-06-15 + +- RHEL/Ubuntu: clean all authorized_keys ([#139](https://github.com/Cosmian/cosmian_vm/pull/139)) + ## [0.1.4] - 2024-06-12 - RHEL: @@ -102,8 +106,8 @@ export USERNAME=cosmian export HOST=35.204.83.49 # Be sure to install deps: `pip install -r python_modules.txt` on your localhost cd ansible -ansible-playbook cosmian-vm-playbook.yml -i ${HOST}, -u $USERNAME -e cosmian_vm_version=1.2.2 -ansible-playbook kms-playbook.yml -i ${HOST}, -u $USERNAME -e cosmian_vm_version=1.2.2 -e cosmian_kms_version=4.16.0 +ansible-playbook cosmian-vm-playbook.yml -i ${HOST}, -u $USERNAME -e cosmian_vm_version=1.2.3 +ansible-playbook kms-playbook.yml -i ${HOST}, -u $USERNAME -e cosmian_vm_version=1.2.3 -e cosmian_kms_version=4.16.0 ``` The machine has been configured diff --git a/ansible/base-image-packer-playbook.yml b/ansible/base-image-packer-playbook.yml index 87c00266..9590e8b7 100644 --- a/ansible/base-image-packer-playbook.yml +++ b/ansible/base-image-packer-playbook.yml @@ -3,13 +3,14 @@ hosts: all become: true roles: - - role: configure_ima - tags: configure_ima + - role: upgrade + tags: role-upgrade - tpm - instance_configs # GCP only - intel - - upgrade - no_updates + - role: configure_ima + tags: role-configure-ima - name: Reboot after GRUB changes, Linux updates and TPM support installation hosts: all @@ -43,3 +44,10 @@ - name: Display Security updates ansible.builtin.debug: var: dnf_security_update + +- name: Clean base image + hosts: all + become: true + roles: + - role: cleanup + tags: role-cleanup diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 75648ea9..b8e759be 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -1,5 +1,5 @@ --- -cosmian_vm_version: 1.2.2 +cosmian_vm_version: 1.2.3 cosmian_kms_version: 4.16.0 cosmian_ai_runner_version: 0.3.0 
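Review bot: The new `Clean base image` play removes the very `authorized_keys` file Ansible is presumably authenticating with, so every task that needs a fresh SSH session afterwards — the cleanup role's own follow-up find/debug tasks, any later play, or a later Packer provisioner — works only as long as the already-open control connection is reused. That constraint should be written next to the play, e.g. `# Must remain the last play: once authorized_keys is gone no new SSH session can be opened`, and the cleanup role kept free of tasks that are not strictly needed after the removal. The reordering of `upgrade` ahead of `configure_ima` in the first play is likewise unexplained; a one-line comment on why the order matters would help the next reader.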
diff --git a/ansible/roles/cleanup/tasks/main.yml b/ansible/roles/cleanup/tasks/main.yml
new file mode 100644
index 00000000..16c9d4a9
--- /dev/null
+++ b/ansible/roles/cleanup/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+# tasks file for ansible/roles/kms
+
+- name: Check OS distribution
+ ansible.builtin.debug:
+ var: ansible_distribution
+
+- name: Find all authorized_keys files
+ ansible.builtin.find:
+ paths:
+ - /home
+ - /root
+ recurse: true
+ patterns: authorized_keys
+ register: authorized_keys
+
+- name: Display authorized_keys authorized_keys
+ ansible.builtin.debug:
+ var: authorized_keys
+
+- name: Remove found authorized_keys files
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: absent
+ loop: "{{ authorized_keys.files }}"
+ when: authorized_keys.matched > 0
+
+- name: Find all authorized_keys files
+ ansible.builtin.find:
+ paths:
+ - /home
+ - /root
+ recurse: true
+ patterns: authorized_keys
+ register: authorized_keys
+
+- name: Display authorized_keys authorized_keys
+ ansible.builtin.debug:
+ var: authorized_keys
diff --git a/ansible/roles/configure_ima/tasks/main.yml b/ansible/roles/configure_ima/tasks/main.yml
index f5d06e3b..db4c5120 100644
--- a/ansible/roles/configure_ima/tasks/main.yml
+++ b/ansible/roles/configure_ima/tasks/main.yml
@@ -1,6 +1,9 @@
 ---
 # tasks file for ansible/roles/configure_ima

+- name: Gathering facts
+ ansible.builtin.gather_facts:
+
 - name: Check OS distribution
 ansible.builtin.debug:
 var: ansible_distribution
diff --git a/ansible/roles/no_updates/tasks/main.yml b/ansible/roles/no_updates/tasks/main.yml
index 23a4920c..2b1cfe05 100644
--- a/ansible/roles/no_updates/tasks/main.yml
+++ b/ansible/roles/no_updates/tasks/main.yml
@@ -80,7 +80,7 @@
 backup: true
 when: __dnf_automatic_conf.stat.exists

- - name: Clean dnf metadata
+ - name: Clean DNF metadata
 ansible.builtin.command: dnf clean all
 register: cmd_output
 changed_when: cmd_output.rc != 0
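Review bot: The header comment `# tasks file for ansible/roles/kms` in the new role is a copy-paste leftover and should read `# tasks file for ansible/roles/cleanup`. The second `Find all authorized_keys files` / `Display authorized_keys authorized_keys` pair only prints the result, so a removal that failed goes unnoticed in the image build; replace the final debug with `ansible.builtin.assert: that: authorized_keys.matched == 0` under a name such as `Verify no authorized_keys file remains`, and drop the doubled word from the debug task names. The pattern `authorized_keys` also leaves `authorized_keys2` in place, which OpenSSH's compiled-in `AuthorizedKeysFile` default still reads unless sshd_config overrides it, and accounts whose home is outside `/home` are not searched; `patterns: "authorized_keys*"` together with a path list taken from the home directories in `/etc/passwd` would close both gaps.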
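Review bot: The added `Gathering facts` task in configure_ima (and the identical one added to the upgrade role in the next hunk) carries no comment on why a role re-gathers facts the play already collects by default; if the intent is to refresh facts such as the kernel version after the upgrade role ran, or to make the role usable from a play with `gather_facts: false`, say so: `# Re-gather facts: the role may run after package upgrades or from a play with gather_facts: false`. Without that, a future cleanup will remove the task as redundant and the behaviour will silently change.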
diff --git a/ansible/roles/upgrade/tasks/main.yml b/ansible/roles/upgrade/tasks/main.yml index 59d93f2e..9eabda1f 100644 --- a/ansible/roles/upgrade/tasks/main.yml +++ b/ansible/roles/upgrade/tasks/main.yml @@ -2,6 +2,9 @@ # tasks file for upgrade +- name: Gathering facts + ansible.builtin.gather_facts: + - name: Update and upgrade apt packages when: ansible_distribution == 'Ubuntu' block: