oshu vault

Secrets don’t belong
in the sandbox.

A secure proxy for AI sandboxes that keeps your credentials outside — replacing sealed tokens just-in-time as traffic exits.

The problem

You’re building an AI agent. It generates code — and you need to run it.

You can’t run it on your own server. It could easily go wrong. So you put it in a sandbox — an isolated environment to protect yourself from untrusted code.

Except now the code needs access to secrets to do anything useful.

  • Anthropic API Key
  • GitHub Token
  • Database URL
  • Stripe Secret Key

In solving one problem, you’ve created many more.

The usual approaches

Every solution you’d naturally reach for has the same fundamental flaw.

sandbox terminal
$ echo $ANTHROPIC_API_KEY
sk-ant-api03-a1b2c3d4e5f6...

$ echo $DATABASE_URL
postgres://admin:s3cret@prod.db:5432

# any process in the sandbox can read env vars
$ env | grep KEY
ANTHROPIC_API_KEY=sk-ant-api03-a1b2c3d4e5f6...
GITHUB_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxx
EXPOSED: Any code can read them

Secrets are loaded as plain environment variables. Any code in the sandbox — including malicious dependencies — can read them with a single command.

How it works

Secrets live outside the sandbox entirely. All outbound traffic routes through the proxy, which replaces sealed tokens with real credentials just-in-time.

Your Sandbox
API_KEY=SEALED_a7f3b2e1c9d8
DB_URL=SEALED_e4c1d8f2a3b7
HTTPS_PROXY=https://vault.oshu.dev
No real secrets here
all traffic routed through proxy
Oshu Vault
1. Intercepts HTTPS traffic
2. Replaces sealed tokens with real values
3. Enforces egress policy & secret scoping
Secrets stored here only
real credentials injected
External Services
api.anthropic.com
api.github.com
db.example.com
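
The substitution and scoping steps above can be sketched as follows. This is an added example, not Oshu Vault's own code: the vault contents, the per-secret host scopes, the 12-hex-digit token pattern and the names `unseal_headers` and `PolicyViolation` are assumptions made for illustration, and TLS interception itself is out of scope here.

```python
import re

# Constructed vault contents: sealed token -> (real secret, hosts allowed to receive it).
# Token strings reuse the SEALED_<hex> samples above; secrets and scopes are made up.
VAULT = {
    "SEALED_a7f3b2e1c9d8": ("sk-ant-REAL-EXAMPLE", {"api.anthropic.com"}),
    "SEALED_e4c1d8f2a3b7": ("constructed-db-credential", {"db.example.com"}),
}
EGRESS_ALLOWLIST = {"api.anthropic.com", "api.github.com", "db.example.com"}
SEALED_RE = re.compile(r"SEALED_[0-9a-f]{12}")  # assumed token shape


class PolicyViolation(Exception):
    """Raised when a request must be blocked instead of forwarded."""


def unseal_headers(host, headers):
    """Return a copy of headers with sealed tokens swapped for real values.

    Blocks the request if the host is not on the egress allowlist, the token
    is unknown, or the token's secret is not scoped to this destination.
    """
    host = host.lower().rstrip(".")
    if host not in EGRESS_ALLOWLIST:
        raise PolicyViolation(f"egress to {host} denied")

    def swap(match):
        token = match.group(0)
        entry = VAULT.get(token)
        if entry is None:
            raise PolicyViolation("unknown sealed token")
        secret, scope = entry
        if host not in scope:
            # Allowed destination, but not for this secret: never substitute.
            raise PolicyViolation(f"{token} not scoped to {host}")
        return secret

    # The sandbox only ever holds the sealed form; real values appear here,
    # on the proxy side, immediately before the request leaves.
    return {name: SEALED_RE.sub(swap, value) for name, value in headers.items()}
```

The scope check is what stops code in the sandbox from sending a sealed Anthropic token to another allowlisted host and having the proxy fill in the real key for it.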