diff --git a/sources/identity/init.template.sh b/sources/identity/init.template.sh
index a8fbd026..e41c17a6 100644
--- a/sources/identity/init.template.sh
+++ b/sources/identity/init.template.sh
@@ -1,5 +1,6 @@
 #!/usr/bin/env bash
 # must be bash because we source a bashrc file
+set -ex
 if [ -n "$1" ]; then
 CHARM_URL="$1"
 fi
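Review bot: `set -ex` on the new third line enables xtrace for the whole provisioning run, so every expanded command is echoed to stderr. The last hunk of this file turns it on again with `set -ex` immediately before `CHARM_LINK=$extracted_value` and `./identity charm link -d "$CHARM_LINK"`, which writes the link code into whatever collects this script's output. I would use `set -eo pipefail` here and plain `set -e` in the later hunk, enabling `-x` only around steps that handle no credentials. Without `pipefail`, `-e` also does not stop the script when `curl` fails inside the `curl … | gpg --dearmor` pipeline shown in the next hunk.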
@@ -42,18 +43,42 @@ fi
 mkdir -p /etc/apt/keyrings
 curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --batch --yes --dearmor -o /etc/apt/keyrings/nodesource.gpg
 echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_21.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list
-apt update
-apt install -y curl nodejs npm ucspi-tcp unzip xxd
+DEBIAN_FRONTEND=noninteractive apt update
+DEBIAN_FRONTEND=noninteractive apt dist-upgrade -yq
+DEBIAN_FRONTEND=noninteractive apt autoremove -y
+DEBIAN_FRONTEND=noninteractive apt autoclean -y
+DEBIAN_FRONTEND=noninteractive apt install -y curl nodejs ucspi-tcp unzip xxd unattended-upgrades
+AUTO_UPGRADES_FILE="/etc/apt/apt.conf.d/20auto-upgrades"
+REQUIRED_LINES=(
+ 'APT::Periodic::Update-Package-Lists "1";'
+ 'APT::Periodic::Download-Upgradeable-Packages "1";'
+ 'APT::Periodic::AutocleanInterval "7";'
+ 'APT::Periodic::Unattended-Upgrade "1";'
+)
+add_line_if_not_present() {
+ local line="$1"
+ local file="$2"
+ grep -qF -- "$line" "$file" || echo "$line" >> "$file"
+}
+if [ ! -f "$AUTO_UPGRADES_FILE" ]; then
+ echo "$AUTO_UPGRADES_FILE does not exist, creating it..."
+ touch "$AUTO_UPGRADES_FILE"
+fi
+for line in "${REQUIRED_LINES[@]}"; do
+ add_line_if_not_present "$line" "$AUTO_UPGRADES_FILE"
+done
+echo "The $AUTO_UPGRADES_FILE has been updated."
+
 npm install -g npm@latest
 npm --version
 node --version
 if command -v snap; then
 snap install powershell --classic
 else
- apt install -y libicu72
- curl -O https://github.com/PowerShell/PowerShell/releases/download/v7.4.1/powershell_7.4.1-1.deb_amd64.deb
+ DEBIAN_FRONTEND=noninteractive apt install -y libicu72
+ curl -LO https://github.com/PowerShell/PowerShell/releases/download/v7.4.1/powershell_7.4.1-1.deb_amd64.deb
 dpkg -i powershell_7.4.1-1.deb_amd64.deb
- apt install -f
+ DEBIAN_FRONTEND=noninteractive apt install -f
 fi
 cd ~
 if [ ! -d "code" ]; then
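Review bot: The PowerShell package is fetched with `curl -LO …/powershell_7.4.1-1.deb_amd64.deb` and passed straight to `dpkg -i` with no integrity check, so whatever the redirect chain returns is installed, presumably as root given the writes under `/etc/apt`. Pin the release digest and fail closed: use `curl -fLO <url>` and then `echo "<EXPECTED_SHA256>  powershell_7.4.1-1.deb_amd64.deb" | sha256sum -c -` before `dpkg -i`, with the placeholder digest taken from the upstream release page. `-f` matters because without it an HTTP error page is saved under the .deb name. Separately, `add_line_if_not_present` uses `grep -qF`, which matches substrings, so a commented-out `// APT::Periodic::Unattended-Upgrade "1";` would count as present; `grep -qxF` compares whole lines.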
@@ -67,11 +92,12 @@ chmod +x *.ps1 *.sh CHARM_LINK_URL="$CHARM_LINK_URL" ./provider.sh & get_http_status() { local url=$1 - curl -o /dev/null -s -w "%{http_code}\n" "$url" + curl -Lo /dev/null -s -w "%{http_code}\n" "$url" } start_time=$(date +%s) +set +e while : ; do current_time=$(date +%s) elapsed_time=$((current_time - start_time)) @@ -84,34 +110,34 @@ while : ; do http_status=$(get_http_status "$CHARM_LINK_URL") echo "Checking URL: $CHARM_LINK_URL - HTTP status: $http_status" - if [ "$http_status" -eq 405 ]; then - echo "Verified charm link url is working, breaking loop." + if [ "$http_status" -ne 000 ]; then + echo "Verified charm link url is responding, breaking loop." break fi sleep 2 done -if [ "$elapsed_time" -ge 60 ]; then - echo "Failed to obtain charm link" - exit 1 -fi +set -e +echo "Obtaining charm link" response=$(curl -sL "$CHARM_LINK_URL" --data-urlencode "keys=$(./identity charm keys --simple | tr '\n' ',' | sed 's/,$//')") if [ -n "$response" ]; then extracted_value=$(echo "$response" | sed -n 's/.*HTTP\/1\.1 200 \(.*\)\r.*/\1/p') - if [ -n "$extracted_value" ]; then + if [ -z "$extracted_value" ]; then echo "Unexpected response: $extracted_value" exit 1 fi - - CHARM_LINK=$response else echo "Failed to obtain charm link" exit 1 fi +set -ex +CHARM_LINK=$extracted_value ./identity charm link -d "$CHARM_LINK" ./identity charm kv sync ./identity charm kv get dt.identity.init > .init chmod +x .init +echo "Running .init" +set +e ./.init diff --git a/sources/identity/provider.sh b/sources/identity/provider.sh index 32b5e9cb..cc2b7bcf 100644 --- a/sources/identity/provider.sh +++ b/sources/identity/provider.sh @@ -6,7 +6,7 @@ random() { echo $(dd if=/dev/urandom bs=1 count=64 2>/dev/null | xxd -p) } if [ -z "$CHARM_DIR" ]; then - CHARM_DIR=~$USER/code/source/identity/data/charms/$(random) + CHARM_DIR=~/code/source/identity/data/charms/$(random) fi if [ -n "$2" ]; then INIT_URL=$2 
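Review bot: `get_http_status` puts no time limit on the probe, so one stalled connection can hold the polling loop well past the budget it tracks through `elapsed_time` (apparently 60 seconds, judging by the check removed in the next hunk). With `-L` added, each redirect hop extends that further. A bound keeps the loop's timing meaningful: `curl -Lo /dev/null -s --max-time 5 -w "%{http_code}\n" "$url"`. The `while` loop that calls the function continues past the end of this hunk.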
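Review bot: In the second `init.template.sh` hunk on this line (`@@ -84,34 +110,34 @@`), nothing fails the script any more when the service never comes up: the `elapsed_time -ge 60` check with `exit 1` is removed, and the readiness test `[ "$http_status" -ne 000 ]` accepts any HTTP status, including 404 or 5xx. If the loop still breaks on timeout in the lines between the two hunks (not visible here), execution falls through to "Obtaining charm link" against an endpoint that was never verified. Keeping the post-loop check, or testing for the expected status, restores the fail-closed behaviour. In the new failure branch, `echo "Unexpected response: $extracted_value"` always prints an empty value because it runs only when `-z "$extracted_value"` holds; it should log `$response` instead.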
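Review bot: In the `provider.sh` hunk, `$(random)` on the new `CHARM_DIR=~/code/source/identity/data/charms/$(random)` line yields a value with embedded spaces. `xxd -p` wraps its output at 60 hex characters, and the unquoted `echo $(…)` in `random` joins the wrapped lines with spaces. The job file added later in this commit (`provider/background/1a49f078.sh`) appears to show the effect, since its `CHARM_DIR` is spread over three paths. Stripping whitespace inside `random`, as `pages/link.sh` already does with `| tr -d '[:space:]'`, gives a single path component. `random` begins above this hunk.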
@@ -55,7 +55,7 @@ sed -i "s|{{CHARM_LINK_URL}}|$CHARM_LINK_URL|g" ./provider/static/init ./identity charm kv set dt.identity.secret.TURSO_AUTH_TOKEN "$TURSO_AUTH_TOKEN" ./identity charm kv set dt.identity.init </dev/null +monitor_files & diff --git a/sources/identity/provider/background/1a49f078.sh b/sources/identity/provider/background/1a49f078.sh new file mode 100644 index 00000000..5a683674 --- /dev/null +++ b/sources/identity/provider/background/1a49f078.sh 
@@ -0,0 +1,6 @@ +#!/usr/bin/env bash +CHARM_DIR="/mnt/c/Users/drewr/code/source/identity/data/charms/a1f88a4bb72f92dcf61546ecad235d6aa69135ed968d2338d02e25ef0873 +/mnt/c/Users/drewr/code/sources/identity/provider/e2c1ecb06855c73be5d4caff283830bff53d9ded9853cb4dc5f16d942fdc +/mnt/c/Users/drewr/code/sources/identity/provider/1a49f078/714abdbbb40c14a8a45cd16e6c3d4d5be03c8d5eca7d8ebc9a63db25975cd713" ~/code/src/identity/identity charm link -d -o "/mnt/c/Users/drewr/code/source/identity/data/charms/a1f88a4bb72f92dcf61546ecad235d6aa69135ed968d2338d02e25ef0873 +/mnt/c/Users/drewr/code/sources/identity/provider/e2c1ecb06855c73be5d4caff283830bff53d9ded9853cb4dc5f16d942fdc +/mnt/c/Users/drewr/code/sources/identity/provider/1a49f078/714abdbbb40c14a8a45cd16e6c3d4d5be03c8d5eca7d8ebc9a63db25975cd713/.link" -k "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByQfvwjrZj1k3QKZgayCc2ESn3iYO1RLM2Dv07ySqS8,ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICcB2drOfxskb9DPYUUSHFTeC/ZOBkCaUfOQlgN0ksJW,ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICVuZZlEpHfQADiUoofkUI2dQKbgRnlnODlCefwBOPIi,ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrsT5Eest3+VnbXZmXidY5CZFscxe7wDYsnHs/Muc/x,ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE6z33ZduBR8BvZA9GUTz14TrvEebgMG8nTxXy76ZCcd,ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEzWRyTB2o5V2GsChvTUYCd1Vcr0okj4KdWD9Qz3tY8G,ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdz0QkZImiBwH6XVdH79T8oAkDhuNFoytqjcKweNHrt,ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILM2XPD+Wsn+Ziwemd3TB1mU1u4OR2H8Gk82x1BSRFsP,ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILt3T+gVAJsbYfEDbUfhVxkeBpyCd2XGK8WJDXZkCaBY,ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMFQBfv63aVT4g4zU4ysYCNsvuWELe/0mAMkzh7Xz/iQ,ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo8of8l94GaN9GnpaObO7h/J7v5Nl8uHiLoMsmEfg7q" diff --git a/sources/identity/provider/config.sh b/sources/identity/provider/config.sh index 93cda911..559a17b2 100644 --- a/sources/identity/provider/config.sh +++ b/sources/identity/provider/config.sh 
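Review bot: `provider/background/1a49f078.sh` looks like a job file generated at runtime by `pages/link.sh` rather than source. It hard-codes a developer's local path under `/mnt/c/Users/…`, embeds a list of `ssh-ed25519` public keys, and its `CHARM_DIR` value is split over three lines. I would drop it from the commit and ignore the background job directory in version control, since files placed there appear to be picked up and executed by the job runner. The malformed `CHARM_DIR` also points at the unquoted `$(realpath $CHARM_DIR)` in `link.sh`, which word-splits the path.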
@@ -1 +1,13 @@
 PROJECT_NAME=provider
+if [[ -z "$BACKGROUND_JOB_DIR" ]]; then
+ BACKGROUND_JOB_DIR="$(realpath "${0%/*}")/.."
+fi
+if [[ -z "$BACKGROUND_JOB_EXECUTING_DIR" ]]; then
+ BACKGROUND_JOB_EXECUTING_DIR="$BACKGROUND_JOB_DIR/executing"
+fi
+if [[ -z "$BACKGROUND_JOB_COMPLETE_DIR" ]]; then
+ BACKGROUND_JOB_COMPLETE_DIR="$BACKGROUND_JOB_DIR/complete"
+fi
+if [[ -z "$BACKGROUND_JOB_FAILED_DIR" ]]; then
+ BACKGROUND_JOB_FAILED_DIR="$BACKGROUND_JOB_DIR/failed"
+fi
diff --git a/sources/identity/provider/pages/link.sh b/sources/identity/provider/pages/link.sh
index ac78faa9..6f28cc1e 100644
--- a/sources/identity/provider/pages/link.sh
+++ b/sources/identity/provider/pages/link.sh
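Review bot: The default `BACKGROUND_JOB_DIR="$(realpath "${0%/*}")/.."` is derived from `$0`, which names the invoking script rather than `config.sh` if this file is sourced; it has no shebang and only sets variables, so that seems likely. `${0%/*}` is also `$0` unchanged when it contains no slash. Since `pages/link.sh` writes executable job scripts into this directory, I would anchor it explicitly and create it with restrictive permissions. If `provider/background` is the intended location, as the committed job file suggests, that would be `BACKGROUND_JOB_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/background"`.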
@@ -1,37 +1,48 @@ if [[ "$REQUEST_METHOD" != "POST" ]]; then return $(status_code 405) -fi +else random() { dd if=/dev/urandom bs=1 count="${1:-32}" 2>/dev/null | xxd -p | tr -d '[:space:]' } for key in "${!FORM_DATA[@]}"; do if [[ "$key" == "keys" ]]; then - CHARM_DIR=$CHARM_DIR/$(random) - mkdir -p "$CHARM_DIR" - LINK_CODE_PATH=$CHARM_DIR/.link - rm -rf "$LINK_CODE_PATH" - + KEYS="${FORM_DATA[$key]}" + break + fi +done +if [[ -z "$KEYS" ]]; then + return $(status_code 405) +fi +CHARM_DIR=$(realpath $CHARM_DIR)"/$(random)" +mkdir -p "$CHARM_DIR" +LINK_CODE_PATH=$CHARM_DIR/.link +rm -rf "$LINK_CODE_PATH" mkdir -p "$(dirname "$LINK_CODE_PATH")" - -~/code/src/identity/identity charm link -d -o "$LINK_CODE_PATH" -k "${FORM_DATA[$key]}" > /dev/null 2>&1 +cat << EOF > "$BACKGROUND_JOB_DIR/$(basename "$(dirname "$CHARM_DIR")").sh" +#!/usr/bin/env bash +CHARM_DIR="$CHARM_DIR" ~/code/src/identity/identity charm link -d -o "$LINK_CODE_PATH" -k "${FORM_DATA[$key]}" +EOF +echo "Created background job: $BACKGROUND_JOB_DIR/$(basename "$(dirname "$CHARM_DIR")").sh" >&2 max_wait=60 # seconds wait_interval=1 # seconds elapsed_time=0 - while [[ ! -f "$LINK_CODE_PATH" && $elapsed_time -lt $max_wait ]]; do sleep $wait_interval ((elapsed_time+=wait_interval)) + echo "Waiting for link code: $elapsed_time seconds elapsed" >&2 done - -if [[ -f "$LINK_CODE_PATH" ]]; then - LINK_CODE=$(cat "$LINK_CODE_PATH") - if [[ -z "$LINK_CODE" ]]; then - respond 405 "Failure." - else - respond 200 "$LINK_CODE" - fi -else - respond 405 "Failure." +echo "Elapsed time: $elapsed_time" >&2 +if [[ "$elapsed_time" -ge $max_wait ]]; then + return $(status_code 405) fi - fi -done +if [[ ! -f "$LINK_CODE_PATH" ]]; then + return $(status_code 405) +fi +LINK_CODE=$(cat "$LINK_CODE_PATH") +if [[ -z "$LINK_CODE" ]]; then + return $(status_code 405) +fi +echo "Obtained charm link code: $LINK_CODE" >&2 +respond 200 "$LINK_CODE" +fi +echo "Done" >&2 
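Review bot: The heredoc that writes the job script interpolates the request's `keys` form value (`-k "${FORM_DATA[$key]}"`) into shell source that is executed later, so quotes, `$(…)` or backticks in that value are interpreted as code when the job runs. Validate `KEYS` against the expected public-key format and emit the arguments with `printf %q` instead of an unquoted-delimiter heredoc, as in the excerpt below. Two smaller points in the same hunk: `$(realpath $CHARM_DIR)` is unquoted and word-splits a path containing spaces, and `echo "Obtained charm link code: $LINK_CODE" >&2` writes the link code to the server log. The hunk covers the whole file.

```shell
# … unchanged: REQUEST_METHOD check, random(), KEYS lookup in FORM_DATA …
# Allow-list (constructed; adjust to the key types the service accepts).
keys_re='^[A-Za-z0-9+/=@._ -]+(,[A-Za-z0-9+/=@._ -]+)*$'
if [[ ! "$KEYS" =~ $keys_re ]]; then
  return $(status_code 405)
fi
CHARM_DIR="$(realpath "$CHARM_DIR")/$(random)"
# … unchanged: mkdir, LINK_CODE_PATH setup …
job_file="$BACKGROUND_JOB_DIR/$(basename "$(dirname "$CHARM_DIR")").sh"
# %q shell-quotes each value, so the generated script treats them as data.
printf '#!/usr/bin/env bash\nCHARM_DIR=%q ~/code/src/identity/identity charm link -d -o %q -k %q\n' \
  "$CHARM_DIR" "$LINK_CODE_PATH" "$KEYS" > "$job_file"
# … unchanged: wait loop, status checks, respond …
```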
diff --git a/sources/identity/provider/start.sh b/sources/identity/provider/start.sh index 9375aca3..ebd9bdf3 100644 --- a/sources/identity/provider/start.sh +++ b/sources/identity/provider/start.sh @@ -21,6 +21,8 @@ mkdir -p sessions mkdir -p pubsub mkdir -p data mkdir -p uploads +mkdir -p exec + PORT=${PORT:-3333}