ContextQMD
Back to Microsandbox

Secrets

docs/sandboxes/secrets.mdx

0.5.43.2 KB
Original Source

Secrets keep credentials on the host while giving sandboxed code a placeholder to use.

When you bind a secret to an environment variable, microsandbox puts a placeholder in the guest instead of the real value. By default that placeholder is $MSB_<env_var>, using the environment variable name exactly as provided, and you can provide a custom placeholder when needed. If the sandbox sends the placeholder to an allowed host, microsandbox swaps it for the real credential at the network boundary. Anywhere else, the placeholder remains meaningless.

That means the guest can call APIs without ever holding the credential itself.

Allowed hosts are checked against the sandbox's observed DNS and TLS identity. Keep allow lists narrow so placeholders can only turn into credentials at the destinations that actually need them.

<CodeGroup> ```rust Rust use microsandbox::Sandbox;

let sb = Sandbox::builder("agent") .image("python") .secret(|s| s .env("GITHUB_TOKEN") .value(std::env::var("GITHUB_TOKEN")?) .allow_host("api.github.com") .allow_host_pattern("*.githubusercontent.com") ) .secret_env("OPENAI_API_KEY", api_key, "api.openai.com") .create() .await?;


```typescript TypeScript
import { Sandbox } from "microsandbox";

await using sb = await Sandbox.builder("agent")
    .image("python")
    .secret((s) =>
        s.env("GITHUB_TOKEN")
            .value(process.env.GITHUB_TOKEN!)
            .allowHost("api.github.com")
            .allowHostPattern("*.githubusercontent.com"),
    )
    .secretEnv("OPENAI_API_KEY", process.env.OPENAI_API_KEY!, "api.openai.com")
    .create();
python
import os
from microsandbox import Sandbox, Secret

sb = await Sandbox.create(
    "agent",
    image="python",
    secrets=[
        Secret.env(
            "GITHUB_TOKEN",
            value=os.environ["GITHUB_TOKEN"],
            allow_hosts=["api.github.com"],
            allow_host_patterns=["*.githubusercontent.com"],
        ),
        Secret.env(
            "OPENAI_API_KEY",
            value=os.environ["OPENAI_API_KEY"],
            allow_hosts=["api.openai.com"],
        ),
    ],
)
go
sb, err := m.CreateSandbox(ctx, "agent",
    m.WithImage("python"),
    m.WithSecrets(
        m.Secret.Env("GITHUB_TOKEN", os.Getenv("GITHUB_TOKEN"),
            m.SecretEnvOptions{
                AllowHosts:        []string{"api.github.com"},
                AllowHostPatterns: []string{"*.githubusercontent.com"},
            },
        ),
        m.Secret.Env("OPENAI_API_KEY", os.Getenv("OPENAI_API_KEY"),
            m.SecretEnvOptions{AllowHosts: []string{"api.openai.com"}},
        ),
    ),
)
bash
msb create python --name agent \
  --secret "[email protected]" \
  --secret "[email protected]"
</CodeGroup>

In the CLI form, ENV@HOST reads the real value from the same-named host environment variable. Use ENV=VALUE@HOST when you need to provide an explicit value, such as [email protected]; shell-expanded values are passed to msb as command arguments.

For API details, see the SDK references: Rust | TypeScript | Python | Go.