diff --git a/software/kvm/common.cfg b/software/kvm/common.cfg
index a433527a871c640fddbdf2cc0aaafbf65e630143..875c96213670ac210cb0cb8155c29e438ad4bedb 100644
--- a/software/kvm/common.cfg
+++ b/software/kvm/common.cfg
@@ -21,6 +21,7 @@ parts =
 
 # XXX: we have to manually add this for resilience
   rdiff-backup
+  collective.recipe.template-egg
 
 #XXX-Cedric : Currently, one can only access to KVM using noVNC.
 #             Ideally one should be able to access KVM by using either NoVNC or VNC.
diff --git a/software/slaprunner/common.cfg b/software/slaprunner/common.cfg
index b93650fac56c32a6f4b26588b335c4dabfc78fc0..30b7ffb04978aaf4515c0e45caa8ac4e932355a3 100644
--- a/software/slaprunner/common.cfg
+++ b/software/slaprunner/common.cfg
@@ -15,7 +15,6 @@ extends =
   ../../stack/slapos.cfg
 
 parts =
-  rdiff-backup
   template
   eggs
   nginx
@@ -27,6 +26,10 @@ parts =
   instance-runner-export
   slapos-cookbook
 
+# XXX: we have to manually add this for resilience
+  rdiff-backup
+  collective.recipe.template-egg
+
 ####################
 ## Node JS proxy
 ####################
diff --git a/stack/resilient/buildout.cfg b/stack/resilient/buildout.cfg
index 8bbb7d45ed46d1f3964d8b4ab1c69888dc117f86..25694bde5b4e463ffcafdaf54be8602523fced0a 100644
--- a/stack/resilient/buildout.cfg
+++ b/stack/resilient/buildout.cfg
@@ -1,12 +1,13 @@
 [buildout]
 extends =
+  ../../component/dash/buildout.cfg
   ../../component/dropbear/buildout.cfg
   ../../component/gzip/buildout.cfg
   ../../component/rdiff-backup/buildout.cfg
   ../../component/rsync/buildout.cfg
 
 parts =
-  rdiff-backup
+  collective.recipe.template-egg
   pbsready
   pbsready-import
   pbsready-export
@@ -16,7 +17,12 @@ parts =
 
   # needed tools for resiliency
   gzip
+  rdiff-backup
+  dash
 
+[collective.recipe.template-egg]
+recipe = zc.recipe.egg
+eggs = collective.recipe.template
 
 #----------------
 #--
@@ -30,7 +36,7 @@ parts =
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/pbsready.cfg.in
 output = ${buildout:directory}/pbsready.cfg
-md5sum = 570e0b54c97d510befa2ea981c1e90e0
+#md5sum = 46f9d33e642467a72c599c8dc767e6c3
 mode = 0644
 
 [pbsready-import]
@@ -39,7 +45,7 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/pbsready-import.cfg.in
 output = ${buildout:directory}/pbsready-import.cfg
-md5sum = cc9c776500ccd07cb51969beb68ffcda
+md5sum = cb562bd954b9e809c8748d0f96de4116
 mode = 0644
 
 [pbsready-export]
@@ -48,7 +54,7 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/pbsready-export.cfg.in
 output = ${buildout:directory}/pbsready-export.cfg
-md5sum = 25d05b3929fb4c6cf275866bad678d6a
+md5sum = 8fb619622a08aff2321497895e04df16
 mode = 0644
 
 [template-pull-backup]
@@ -61,14 +67,14 @@ mode = 0644
 [template-replicated]
 recipe = slapos.recipe.download
 url = ${:_profile_base_location_}/template-replicated.cfg.in
-md5sum = c762a625f65193bc8a570b4d56a0d08c
+md5sum = e8cf325c87c9b4416a47c14bc68e1bdf
 mode = 0644
 destination = ${buildout:directory}/template-replicated.cfg.in
 
 [template-parts]
 recipe = slapos.recipe.download
 url = ${:_profile_base_location_}/template-parts.cfg.in
-md5sum = c942f82552fcb42fc74a5f896e0cd5f3
+md5sum = dcce0e74292eddffde7f9e366d356080
 mode = 0644
 destination = ${buildout:directory}/template-parts.cfg.in
 
diff --git a/stack/resilient/pbsready-export.cfg.in b/stack/resilient/pbsready-export.cfg.in
index 85b9eb8aa281529b88decb6e41ba6c3452967f06..2bdc81f2d8caf236d0f9414b463f427d1ef80347 100644
--- a/stack/resilient/pbsready-export.cfg.in
+++ b/stack/resilient/pbsready-export.cfg.in
@@ -14,6 +14,7 @@ parts =
   sshkeys-authority
   dropbear-server
   sshkeys-dropbear
+  resilient-sshkeys-dropbear-promise
   dropbear-server-pbs-authorized-key
   notifier
 
diff --git a/stack/resilient/pbsready-import.cfg.in b/stack/resilient/pbsready-import.cfg.in
index 5028c05ae82890a8530ca8c9735f18bbc38a4331..e3e3de14a32e2aa684fd7e778aa6a5867ad67c99 100644
--- a/stack/resilient/pbsready-import.cfg.in
+++ b/stack/resilient/pbsready-import.cfg.in
@@ -14,6 +14,7 @@ parts =
   sshkeys-authority
   dropbear-server
   sshkeys-dropbear
+  resilient-sshkeys-dropbear-promise
   dropbear-server-pbs-authorized-key
   notifier
 
diff --git a/stack/resilient/pbsready.cfg.in b/stack/resilient/pbsready.cfg.in
index 59dc441363e8e9862f77127e408bad3bac95dfc1..1c38634b4526e6a91b1847582c5499b72c159ef8 100644
--- a/stack/resilient/pbsready.cfg.in
+++ b/stack/resilient/pbsready.cfg.in
@@ -10,6 +10,7 @@ parts =
   sshkeys-authority
   dropbear-server
   sshkeys-dropbear
+  resilient-sshkeys-dropbear-promise
   dropbear-server-pbs-authorized-key
   notifier
 
@@ -179,6 +180,27 @@ server-binary = ${buildout:bin-directory}/pubsubserver
 notifier-binary = ${buildout:bin-directory}/pubsubnotifier
 
 
+#----------------
+#--
+#-- Dropbear.
+
+[dropbear-server]
+recipe = slapos.cookbook:dropbear
+host = $${slap-network-information:global-ipv6}
+# Explicitely excludes to define "port" argument. It will be defined in
+# pbs-ready-import.cfg.in and pbs-ready-export.cfg.in
+home = $${directory:ssh}
+wrapper = $${rootdirectory:bin}/raw_sshd
+shell = $${rdiff-backup-server:wrapper}
+rsa-keyfile = $${directory:ssh}/server_key.rsa
+dropbear-binary = ${dropbear:location}/sbin/dropbear
+
+[dropbear-server-pbs-authorized-key]
+<= dropbear-server
+recipe = slapos.cookbook:dropbear.add_authorized_key
+key = $${slap-parameter:authorized-key}
+
+
 #----------------
 #--
 #-- sshkeys
@@ -205,31 +227,21 @@ public-key = $${dropbear-server:rsa-keyfile}.pub
 private-key = $${dropbear-server:rsa-keyfile}
 wrapper = $${basedirectory:services}/sshd
 
-
-#----------------
-#--
-#-- Dropbear.
-
-[dropbear-server]
-recipe = slapos.cookbook:dropbear
-host = $${slap-network-information:global-ipv6}
-# Explicitely excludes to define "port" argument. It will be defined in
-# pbs-ready-import.cfg.in and pbs-ready-export.cfg.in
-home = $${directory:ssh}
-wrapper = $${rootdirectory:bin}/raw_sshd
-shell = $${rdiff-backup-server:wrapper}
-rsa-keyfile = $${directory:ssh}/server_key.rsa
-dropbear-binary = ${dropbear:location}/sbin/dropbear
-
-[dropbear-server-pbs-authorized-key]
-<= dropbear-server
-recipe = slapos.cookbook:dropbear.add_authorized_key
-key = $${slap-parameter:authorized-key}
+[resilient-sshkeys-dropbear-promise]
+# Check that public key file exists and is not empty
+recipe = collective.recipe.template
+input = inline:#!${dash:location}/bin/dash
+  PUBLIC_KEY_CONTENT="$${sshkeys-dropbear:public-key-value}"
+  if [ ! -n "$PUBLIC_KEY_CONTENT" ]; then
+    exit 1
+  fi
+output = $${basedirectory:promises}/public-key-existence
+mode = 700
 
 
 #----------------
 #--
-#-- Conncetion informations to re-use.
+#-- Connection informations to re-use.
 # XXX-Cedric: when "aggregation" system is done in libslap, directly publish.
 [resilient-publish-connection-parameter]
 recipe = slapos.cookbook:publish
diff --git a/stack/resilient/template-parts.cfg.in b/stack/resilient/template-parts.cfg.in
index 5f1837ee578dfcfd90b251bf80153af082e8171a..7998275bde08fe0f3bbc0834564c51090dfcafd6 100644
--- a/stack/resilient/template-parts.cfg.in
+++ b/stack/resilient/template-parts.cfg.in
@@ -4,10 +4,12 @@
 
   request-{{namebase}}
   request-{{namebase}}-2
+  resilient-request-{{namebase}}-public-key-promise
   
   {% for i in range(1,nbbackup|int) %}
   request-{{namebase}}-pseudo-replicating-{{i}}
   request-{{namebase}}-pseudo-replicating-{{i}}-2
+  resilient-request-{{namebase}}-pseudo-replicating-{{i}}-public-key-promise
   {% endfor %}
   
   {% for i in range(1,nbbackup|int) %}
diff --git a/stack/resilient/template-replicated.cfg.in b/stack/resilient/template-replicated.cfg.in
index e977505c131a08dfb6b51ff11a3304478ad4c731..2bc5d58d4284a839b51b058f5b09621ba71442ad 100644
--- a/stack/resilient/template-replicated.cfg.in
+++ b/stack/resilient/template-replicated.cfg.in
@@ -11,6 +11,13 @@
 {% endif -%}
 
 
+[resilient-directory]
+recipe = slapos.cookbook:mkdirectory
+home = ${buildout:directory}
+etc = ${:home}/etc
+promise = ${:etc}/promise
+
+
 ## Tells the Backupable recipe that we want a backup
 [resilient]
 recipe = slapos.cookbook:request
@@ -28,7 +35,6 @@ software-url = ${slap-connection:software-release-url}
 software-type = {{typeexport}}
 name = {{namebase}}0
 return = ssh-public-key ssh-url notification-id ip
-
 config =
 # Resilient related parameters
   number authorized-key notify ip-list namebase
@@ -66,6 +72,7 @@ sla-{{ key }} = {{ value }}
 {%   endif -%}
 {% endif -%}
 
+
 {% for id in range(1,nbbackup|int) %}
 
 [request-{{namebase}}-pseudo-replicating-{{id}}]
@@ -107,9 +114,9 @@ sla-{{ key }} = {{ value }}
 {%   endif %}
 {% endif %}
 
-
 {% endfor -%}
 
+
 [iplist]
 config-ip-list = ${request-{{namebase}}:connection-ip}{% for j in range(1,nbbackup|int) %} ${request-{{namebase}}-pseudo-replicating-{{j}}:connection-ip}{% endfor %}
 
@@ -117,11 +124,37 @@ config-ip-list = ${request-{{namebase}}:connection-ip}{% for j in range(1,nbback
 <= request-{{namebase}}
    iplist
 
+[resilient-request-{{namebase}}-public-key-promise]
+# Check that public-key-value parameter exists and is not empty
+# XXX: maybe we should consider empty values to be non-nexistent.
+recipe = collective.recipe.template
+# XXX: don't use system executable
+input = inline:#!/bin/sh
+  PUBLIC_KEY_CONTENT="${request-{{namebase}}-2:connection-ssh-public-key})"
+  if [ ! -n "$PUBLIC_KEY_CONTENT" ]; then
+    exit 1
+  fi
+output = ${resilient-directory:promise}/resilient-request-{{namebase}}-public-key
+mode = 700
+
 {% for id in range(1,nbbackup|int) %}
 [request-{{namebase}}-pseudo-replicating-{{id}}-2]
 <= request-{{namebase}}-pseudo-replicating-{{id}}
    iplist
 
+[resilient-request-{{namebase}}-pseudo-replicating-{{id}}-public-key-promise]
+# Check that public-key-value parameter exists and is not empty
+# XXX: maybe we should consider empty values to be non-nexistent.
+recipe = collective.recipe.template
+# XXX: don't use system executable
+input = inline:#!/bin/sh
+  PUBLIC_KEY_CONTENT="${request-{{namebase}}-pseudo-replicating-{{id}}-2:connection-ssh-public-key})"
+  if [ ! -n "$PUBLIC_KEY_CONTENT" ]; then
+    exit 1
+  fi
+output = ${resilient-directory:promise}/resilient-request-{{namebase}}-pseudo-replicating-{{id}}-public-key
+mode = 700
+
 {% endfor %}