When writing a "pack" SQL can target the

platform:

though I wonder if there's any further more granular level filtering that could be applied, for example; Alice 's machine - creates secrets to share with Bob; I'd like to author a query to check for the presence of Bob's pubkey, it would make sense for this to only be run on Alice's machine. I am not sure if it is at all possible to apply filtering / targeting more granular than the OS in such packs?

Maybe you can use discovery queries? https://osquery.readthedocs.io/en/stable/deployment/configuration/ Unfortunately I can't link to the discovery query section but

Consider that there are some groups of scheduled queries which should only be run on a host when a condition is true.