diff --git a/.github/scripts/azure-new-instance.sh b/.github/scripts/azure-new-instance.sh index 912520f6..dadce498 100755 --- a/.github/scripts/azure-new-instance.sh +++ b/.github/scripts/azure-new-instance.sh @@ -37,6 +37,8 @@ else IMAGE_NAME="redhat:rhel-cvm:9_3_cvm_sev_snp:latest" fi + IMAGE_NAME="/subscriptions/e04f52be-d51f-43fe-95f8-d63a8fc91464/resourceGroups/packer-snp/providers/Microsoft.Compute/galleries/cosmian_packer/images/base-image-${DISTRIB}-${TECHNO}/versions/0.1.5" + az vm create -g packer-snp -n "$NAME" \ --image "$IMAGE_NAME" \ --security-type ConfidentialVM \ diff --git a/.github/workflows/aws_ansible.yml b/.github/workflows/aws_ansible.yml index 90d60bfc..9c2433d9 100644 --- a/.github/workflows/aws_ansible.yml +++ b/.github/workflows/aws_ansible.yml @@ -114,7 +114,7 @@ jobs: for i in {1..1} do echo "Iteration: $i" - ansible-playbook ${{ inputs.product }}-playbook.yml -i ${IP_ADDR}, -u $SSH_USER --private-key="$HOME/packer.pem" -e cosmian_vm_version=$COSMIAN_VM_VERSION -e cosmian_kms_version=${{ inputs.kms-version }} -e cosmian_ai_runner_version=${{ inputs.ai-runner-version }} -e '{ "check_app_test_reboot": false, "check_cosmian_vm_test_reboot": false, "reboot_allowed": false }' --tags playbook-base-image,playbook-${{ inputs.product }},check-${{ inputs.product }} + ansible-playbook ${{ inputs.product }}-playbook.yml -i ${IP_ADDR}, -u $SSH_USER --private-key="$HOME/packer.pem" -e cosmian_vm_version=$COSMIAN_VM_VERSION -e cosmian_kms_version=${{ inputs.kms-version }} -e cosmian_ai_runner_version=${{ inputs.ai-runner-version }} -e '{ "check_app_test_reboot": false, "check_cosmian_vm_test_reboot": false, "reboot_allowed": false }' --tags playbook-base-image,playbook-${{ inputs.product }},check-${{ inputs.product }} --skip-tags role-cleanup done - name: Stop and delete AWS instance diff --git a/.github/workflows/azure_ansible.yml b/.github/workflows/azure_ansible.yml index 452947a0..2ea7925c 100644 --- a/.github/workflows/azure_ansible.yml 
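Review bot: On the new side the unconditional `IMAGE_NAME="/subscriptions/.../base-image-${DISTRIB}-${TECHNO}/versions/0.1.5"` that follows `fi` overwrites whatever the preceding `if`/`else` selected, so the `redhat:rhel-cvm:9_3_cvm_sev_snp:latest` branch (and the one before the hunk) is dead code, and the gallery version `0.1.5` plus the subscription/resource-group path are hard-coded into the script. Either delete the branch or make the override opt-in, e.g. `IMAGE_NAME="${IMAGE_NAME_OVERRIDE:-$IMAGE_NAME}"`, and lift the version into something like `BASE_IMAGE_VERSION="${BASE_IMAGE_VERSION:-0.1.5}"` so a bump does not require editing the script. The `if` block starts before the hunk and the `az vm create` command continues past it.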
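Review bot: The `--skip-tags role-cleanup` appended to the `ansible-playbook` line carries no explanation, so a reader cannot tell whether the cleanup role is skipped because deleting `authorized_keys` and the `packer` user would cut off the SSH session this workflow still needs, or simply because it is untested here; add a comment above the `for` loop such as `# role-cleanup is skipped: it removes the SSH keys/user this session relies on and only runs in the packer image build`, adjusted to the actual reason. The same applies to the azure_ansible.yml and gcp_ansible.yml hunks. Skipping the tag also means none of these workflows ever exercises the new role, so a broken cleanup will only surface during the image build, which is worth stating in the same comment. The `run` block this line belongs to begins before the hunk.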
+++ b/.github/workflows/azure_ansible.yml @@ -110,7 +110,7 @@ jobs: for i in {1..1} do echo "Iteration: $i" - ansible-playbook ${{ inputs.product }}-playbook.yml -i ${IP_ADDR}, -u cosmian -e cosmian_vm_version=$COSMIAN_VM_VERSION -e cosmian_kms_version=${{ inputs.kms-version }} -e cosmian_ai_runner_version=${{ inputs.ai-runner-version }} + ansible-playbook ${{ inputs.product }}-playbook.yml -i ${IP_ADDR}, -u cosmian -e cosmian_vm_version=$COSMIAN_VM_VERSION -e cosmian_kms_version=${{ inputs.kms-version }} -e cosmian_ai_runner_version=${{ inputs.ai-runner-version }} --skip-tags role-cleanup done - name: Stop and delete Azure instance diff --git a/.github/workflows/gcp_ansible.yml b/.github/workflows/gcp_ansible.yml index 1270ad49..35954045 100644 --- a/.github/workflows/gcp_ansible.yml +++ b/.github/workflows/gcp_ansible.yml @@ -146,7 +146,7 @@ jobs: for i in {1..1} do echo "Iteration: $i" - ansible-playbook ${{ inputs.product }}-playbook.yml -i ${IP_ADDR}, -u cosmian -e cosmian_vm_version=$COSMIAN_VM_VERSION -e cosmian_kms_version=${{ inputs.kms-version }} -e cosmian_ai_runner_version=${{ inputs.ai-runner-version }} + ansible-playbook ${{ inputs.product }}-playbook.yml -i ${IP_ADDR}, -u cosmian -e cosmian_vm_version=$COSMIAN_VM_VERSION -e cosmian_kms_version=${{ inputs.kms-version }} -e cosmian_ai_runner_version=${{ inputs.ai-runner-version }} --skip-tags role-cleanup done - name: Stop and delete GCP instance diff --git a/ansible/ai-runner-packer-playbook.yml b/ansible/ai-runner-packer-playbook.yml index 335ae057..9cf7df25 100644 --- a/ansible/ai-runner-packer-playbook.yml +++ b/ansible/ai-runner-packer-playbook.yml @@ -7,3 +7,5 @@ become: true roles: - ai_runner + - role: cleanup + tags: role-cleanup diff --git a/ansible/base-image-packer-playbook.yml b/ansible/base-image-packer-playbook.yml index 7a6d7a24..9590e8b7 100644 --- a/ansible/base-image-packer-playbook.yml +++ b/ansible/base-image-packer-playbook.yml 
@@ -44,3 +44,10 @@
 - name: Display Security updates
 ansible.builtin.debug:
 var: dnf_security_update
+
+- name: Clean base image
+ hosts: all
+ become: true
+ roles:
+ - role: cleanup
+ tags: role-cleanup
diff --git a/ansible/cosmian-vm-packer-playbook.yml b/ansible/cosmian-vm-packer-playbook.yml
index 751ec37e..1a3da22f 100644
--- a/ansible/cosmian-vm-packer-playbook.yml
+++ b/ansible/cosmian-vm-packer-playbook.yml
@@ -6,3 +6,5 @@
 - check_cpu
 - role: cosmian_vm_agent
 tags: role_cosmian_vm_agent
+ - role: cleanup
+ tags: role-cleanup
diff --git a/ansible/kms-packer-playbook.yml b/ansible/kms-packer-playbook.yml
index bc1601bb..3ab19af1 100644
--- a/ansible/kms-packer-playbook.yml
+++ b/ansible/kms-packer-playbook.yml
@@ -7,3 +7,5 @@
 become: true
 roles:
 - kms
+ - role: cleanup
+ tags: role-cleanup
diff --git a/ansible/roles/cleanup/tasks/main.yml b/ansible/roles/cleanup/tasks/main.yml
new file mode 100644
index 00000000..82dc262d
--- /dev/null
+++ b/ansible/roles/cleanup/tasks/main.yml
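Review bot: The new `tags: role-cleanup` entry sits directly under the existing `tags: role_cosmian_vm_agent` in the same `roles:` list, mixing hyphen and underscore tag naming; because the workflows' `--skip-tags role-cleanup` must match this string exactly, settle on one convention now (`role_cleanup` to match the existing tag, or rename the other) before more playbooks copy it. The same tag is added in the ai-runner, kms and base-image playbook hunks, and the base-image playbook wraps it in a separate `Clean base image` play, presumably because that file is task-based rather than role-based; a one-line comment there saying so would spare the next reader from asking why the shapes differ.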
@@ -0,0 +1,68 @@
+---
+# tasks file for ansible/roles/kms
+
+- name: Check OS distribution
+ ansible.builtin.debug:
+ var: ansible_distribution
+
+- name: Find all authorized_keys files
+ ansible.builtin.find:
+ paths:
+ - /home
+ - /root
+ recurse: true
+ patterns: authorized_keys
+ register: authorized_keys
+
+- name: Display authorized_keys
+ ansible.builtin.debug:
+ var: authorized_keys
+
+- name: Remove found authorized_keys files
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: absent
+ loop: "{{ authorized_keys.files }}"
+ when: authorized_keys.matched > 0
+
+- name: Find all authorized_keys files
+ ansible.builtin.find:
+ paths:
+ - /home
+ - /root
+ recurse: true
+ patterns: authorized_keys
+ register: authorized_keys
+
+- name: Display authorized_keys authorized_keys
+ ansible.builtin.debug:
+ var: authorized_keys
+
+- name: Fail if authorized_keys files are found
+ ansible.builtin.fail:
+ msg: "authorized_keys files found in the system!"
+ when: authorized_keys.matched > 0
+
+- name: Remove packer user
+ ansible.builtin.user:
+ name: packer
+ state: absent
+ remove: true
+ force: true
+ register: remove_user
+ changed_when: remove_user.changed
+
+- name: Display remove_user
+ ansible.builtin.debug:
+ var: remove_user
+
+- name: Check immediate subdirectories in /home
+ ansible.builtin.find:
+ paths: /home
+ file_type: directory
+ recurse: false
+ register: home_folders
+
+- name: Display usernames with home directories
+ ansible.builtin.debug:
+ var: home_folders
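Review bot: The role fails the build when an `authorized_keys` file survives the removal pass, but the final `/home` scan only *displays* `home_folders`, so a `/home/packer` left behind (for instance if the `remove: true` step only partly succeeded) would never break the image; mirror the find/display/fail pattern with an assert after `register: home_folders`, shown below. The header comment `# tasks file for ansible/roles/kms` was copied from another role and should read `# tasks file for ansible/roles/cleanup`, and the two tasks both named `Find all authorized_keys files` (plus `Display authorized_keys authorized_keys`) need distinct names so a failure in the log identifies which pass it came from; `changed_when: remove_user.changed` is also the default and can be dropped. Deleting the user does not remove a `/etc/sudoers.d` fragment that may have granted it passwordless sudo, and nothing here touches `/etc/ssh/ssh_host_*`; if those are not handled elsewhere in the packer pipeline, every VM built from the image shares the same host keys, so consider covering both in this role.
```yaml
# … unchanged: authorized_keys removal, packer user removal, find into home_folders …

- name: Fail if the packer home directory is still present
  ansible.builtin.assert:
    that: "'/home/packer' not in (home_folders.files | map(attribute='path') | list)"
    fail_msg: "/home/packer still exists after removing the packer user"
```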