diff --git a/package.json b/package.json index f61a2ee..aa3864e 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@p0security/cli", - "version": "0.11.4", + "version": "0.12.0", "description": "Execute infra CLI commands with P0 grants", "main": "index.ts", "repository": { diff --git a/src/commands/__tests__/ssh.test.ts b/src/commands/__tests__/ssh.test.ts index c6d62ff..24651a6 100644 --- a/src/commands/__tests__/ssh.test.ts +++ b/src/commands/__tests__/ssh.test.ts @@ -11,6 +11,7 @@ You should have received a copy of the GNU General Public License along with @p0 import { TEST_PUBLIC_KEY } from "../../common/__mocks__/keys"; import { fetchCommand } from "../../drivers/api"; import { print1, print2 } from "../../drivers/stdio"; +import { AwsSshGenerated, AwsSshPermission } from "../../plugins/aws/types"; import { sshOrScp } from "../../plugins/ssh"; import { mockGetDoc } from "../../testing/firestore"; import { sleep } from "../../util"; @@ -30,24 +31,34 @@ const mockSshOrScp = sshOrScp as jest.Mock; const mockPrint1 = print1 as jest.Mock; const mockPrint2 = print2 as jest.Mock; -const MOCK_REQUEST = { - status: "DONE", - generated: { +const MOCK_PERMISSION: AwsSshPermission = { + provider: "aws", + publicKey: TEST_PUBLIC_KEY, + region: "region", + alias: "alias", + resource: { + account: "accountId", + accountId: "accountId", + arn: "arn", + idcRegion: "idcRegion", + idcId: "idcId", name: "name", - ssh: { - linuxUserName: "linuxUserName", - }, + userName: "userName", + instanceId: "instanceId", }, - permission: { - spec: { - awsResourcePermission: { permission: {} }, - instanceId: "instanceId", - accountId: "accountId", - region: "region", - publicKey: TEST_PUBLIC_KEY, - type: "aws", - }, +}; + +const MOCK_GENERATED: AwsSshGenerated = { + resource: { + name: "name", }, + linuxUserName: "linuxUserName", +}; + +const MOCK_REQUEST = { + status: "DONE", + generated: MOCK_GENERATED, + permission: MOCK_PERMISSION, }; mockGetDoc({ 
diff --git a/src/commands/shared/ssh.ts b/src/commands/shared/ssh.ts index 57ed4d6..134e289 100644 --- a/src/commands/shared/ssh.ts +++ b/src/commands/shared/ssh.ts @@ -90,7 +90,7 @@ const pluginToCliRequest = async ( request: Request, options?: { debug?: boolean } ): Promise> => - await SSH_PROVIDERS[request.permission.spec.type].toCliRequest( + await SSH_PROVIDERS[request.permission.provider].toCliRequest( request as any, options ); @@ -139,7 +139,7 @@ export const provisionRequest = async ( authn, id ); - if (provisionedRequest.permission.spec.publicKey !== publicKey) { + if (provisionedRequest.permission.publicKey !== publicKey) { throw "Public key mismatch. Please revoke the request and try again."; } @@ -158,7 +158,7 @@ export const prepareRequest = async ( const { provisionedRequest } = result; - const sshProvider = SSH_PROVIDERS[provisionedRequest.permission.spec.type]; + const sshProvider = SSH_PROVIDERS[provisionedRequest.permission.provider]; await sshProvider.ensureInstall(); const cliRequest = await pluginToCliRequest(provisionedRequest, { diff --git a/src/plugins/aws/ssh.ts b/src/plugins/aws/ssh.ts index 85cce00..22fbe32 100644 --- a/src/plugins/aws/ssh.ts +++ b/src/plugins/aws/ssh.ts @@ -112,11 +112,10 @@ export const awsSshProvider: SshProvider< requestToSsh: (request) => { const { permission, generated } = request; - const { awsResourcePermission, instanceId, accountId, region } = - permission.spec; - const { idcId, idcRegion } = awsResourcePermission.permission; - const { ssh, name } = generated; - const { linuxUserName } = ssh; + const { resource, region } = permission; + const { idcId, idcRegion, instanceId, accountId } = resource; + const { linuxUserName, resource: generatedResource } = generated; + const { name } = generatedResource; const common = { linuxUserName, accountId, region, id: instanceId }; return !idcId || !idcRegion ? { ...common, role: name, type: "aws", access: "role" } 
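Review bot: The `SSH_PROVIDERS[...permission.provider]` lookups in pluginToCliRequest and prepareRequest index the provider table with a value read from the request document and never check that it names a known provider. A document still in the old `permission.spec.type` shape, or one with an unexpected value, would make the lookup return undefined, so the following `.toCliRequest` / `.ensureInstall()` call fails with a TypeError instead of a clear message. The existing `request as any` also means the compiler will not flag a shape mismatch here. Consider a guard after the lookup in prepareRequest (and the same in pluginToCliRequest): `const sshProvider = SSH_PROVIDERS[provisionedRequest.permission.provider];` followed by `if (!sshProvider) throw "Unsupported SSH provider in request";`. The publicKey comparison in provisionRequest does fail closed for an old-shape document; all three functions extend beyond their hunks.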
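Review bot: requestToSsh still selects role-based access with `!idcId || !idcRegion`, but the new AwsSshPermission in src/plugins/aws/types.ts declares `idcId: string` and `idcRegion: string` as required, where the old type had both optional. As typed, the role branch is reachable only for empty strings, so either the type overstates what the backend sends or the branch is effectively dead. If role-based requests omit these fields, declare them `idcId?: string;` and `idcRegion?: string;` inside `resource` so the type matches the check that decides the access mode. The updated MOCK_PERMISSION in ssh.test.ts sets both fields, so the fixture appears to describe only the IDC path now. The function body continues past the end of this hunk.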
diff --git a/src/plugins/aws/types.ts b/src/plugins/aws/types.ts index 0642dd6..3466612 100644 --- a/src/plugins/aws/types.ts +++ b/src/plugins/aws/types.ts @@ -62,27 +62,25 @@ export type AwsConfig = { // -- Specific AWS permission types -export type AwsSshPermission = { - spec: CommonSshPermissionSpec & { - instanceId: string; +export type AwsSshPermission = CommonSshPermissionSpec & { + provider: "aws"; + region: string; + alias: string; + resource: { + account: string; accountId: string; - region: string; - type: "aws"; - awsResourcePermission: { - permission: { - idcId?: string; - idcRegion?: string; - }; - }; + arn: string; + idcId: string; + idcRegion: string; + instanceId: string; + name: string; + userName: string; }; - type: "session"; }; export type AwsSshGenerated = { - name: string; - ssh: { - linuxUserName: string; - }; + resource: { name: string }; + linuxUserName: string; }; export type AwsSshPermissionSpec = PermissionSpec< diff --git a/src/plugins/azure/ssh.ts b/src/plugins/azure/ssh.ts index 528b33e..df48f7f 100644 --- a/src/plugins/azure/ssh.ts +++ b/src/plugins/azure/ssh.ts @@ -57,8 +57,8 @@ export const azureSshProvider: SshProvider< // TODO: Placeholder requestToSsh: (request) => ({ type: "azure", - id: request.permission.spec.instanceId, - instanceId: request.permission.spec.instanceId, + id: request.permission.resource.instanceId, + instanceId: request.permission.resource.instanceId, linuxUserName: request.cliLocalData.linuxUserName, }), @@ -69,10 +69,7 @@ export const azureSshProvider: SshProvider< toCliRequest: async (request, options) => ({ ...request, cliLocalData: { - linuxUserName: await importSshKey( - request.permission.spec.publicKey, - options - ), + linuxUserName: await importSshKey(request.permission.publicKey, options), }, }), }; diff --git a/src/plugins/azure/types.ts b/src/plugins/azure/types.ts index faeaf58..7c1fa09 100644 --- a/src/plugins/azure/types.ts +++ b/src/plugins/azure/types.ts 
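Review bot: In the new AwsSshPermission, `resource` carries `account` next to `accountId` and `name` next to `userName`, all plain `string` with no comment saying how they differ. requestToSsh reads only `accountId` from this object, so a later caller could pick the sibling field by mistake and build a request against the wrong identifier without any type error. A one-line comment per pair would settle it, for example `// accountId: identifier used to build the SSH request; account: <meaning to confirm>` and the equivalent for `name` / `userName`. The exact meanings are not visible in this diff and need confirming against the backend schema.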
@@ -20,9 +20,20 @@ export type AzureSsh = CliPermissionSpec< { linuxUserName: string } >; -export type AzureSshPermission = { - type: "session"; - spec: CommonSshPermissionSpec & AzureNodeSpec; +export type AzureSshPermission = CommonSshPermissionSpec & { + provider: "azure"; + destination: string; + parent: string | undefined; + group: string | undefined; + resource: { + instanceName: string; + instanceId: string; + subscriptionId: string; + subscriptionName: string; + resourceGroupId: string; + region: string; + networkInterfaceIds: string[]; + }; }; // TODO: Placeholder; probably wrong diff --git a/src/plugins/google/ssh.ts b/src/plugins/google/ssh.ts index 8b85666..0e0aca3 100644 --- a/src/plugins/google/ssh.ts +++ b/src/plugins/google/ssh.ts @@ -107,9 +107,9 @@ export const gcpSshProvider: SshProvider< requestToSsh: (request) => { return { - id: request.permission.spec.instanceName, - projectId: request.permission.spec.projectId, - zone: request.permission.spec.zone, + id: request.permission.resource.instanceName, + projectId: request.permission.resource.projectId, + zone: request.permission.zone, linuxUserName: request.cliLocalData.linuxUserName, type: "gcloud", }; @@ -120,10 +120,7 @@ export const gcpSshProvider: SshProvider< toCliRequest: async (request, options) => ({ ...request, cliLocalData: { - linuxUserName: await importSshKey( - request.permission.spec.publicKey, - options - ), + linuxUserName: await importSshKey(request.permission.publicKey, options), }, }), }; diff --git a/src/plugins/google/types.ts b/src/plugins/google/types.ts index 608822d..3f9f8d5 100644 --- a/src/plugins/google/types.ts +++ b/src/plugins/google/types.ts 
@@ -12,14 +12,13 @@ import { PermissionSpec } from "../../types/request"; import { CliPermissionSpec } from "../../types/ssh"; import { CommonSshPermissionSpec } from "../ssh/types"; -export type GcpSshPermission = { - spec: CommonSshPermissionSpec & { +export type GcpSshPermission = CommonSshPermissionSpec & { + provider: "gcloud"; + zone: string; + resource: { instanceName: string; projectId: string; - zone: string; - type: "gcloud"; }; - type: "session"; }; export type GcpSshPermissionSpec = PermissionSpec<"ssh", GcpSshPermission>; @@ -30,11 +29,11 @@ export type GcpSsh = CliPermissionSpec< >; export type GcpSshRequest = { + type: "gcloud"; linuxUserName: string; projectId: string; zone: string; id: string; - type: "gcloud"; }; type PosixAccount = { diff --git a/src/types/request.ts b/src/types/request.ts index fb0e52c..2a69b4a 100644 --- a/src/types/request.ts +++ b/src/types/request.ts @@ -9,7 +9,7 @@ This file is part of @p0security/cli You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see . **/ import { K8sPermissionSpec } from "../plugins/kubeconfig/types"; -import { PluginSshRequest } from "./ssh"; +import { PluginSshRequest, SupportedSshProvider } from "./ssh"; export const DONE_STATUSES = ["DONE", "DONE_NOTIFIED"] as const; export const DENIED_STATUSES = ["DENIED", "DENIED_NOTIFIED"] as const; @@ -21,7 +21,7 @@ export const ERROR_STATUSES = [ export type PermissionSpec< K extends string, - P extends { type: string }, + P extends { provider: SupportedSshProvider } | { type: string }, G extends object | undefined = undefined, > = { type: K;
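Review bot: The widened constraint `P extends { provider: SupportedSshProvider } | { type: string }` on PermissionSpec has no comment saying which permission kinds use which discriminator. From this diff the SSH permission types moved to `provider`, and the `{ type: string }` arm presumably remains for non-SSH specs such as the Kubernetes one imported at the top of the file. Adding `// SSH permissions are discriminated by provider; other permission specs keep type` above the parameter would record that. Because the constraint is a union, code that reads `permission.provider` on a generic `P` must narrow first, which is worth stating in the same comment. The type alias continues beyond the end of this hunk.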