Environment variables

Env vars set at creation time are applied to every process the sandbox runs: commands.run(), shells, and anything those spawn. They persist across pause() / resume() cycles.

Env var values are delivered in plain text — any process in the sandbox can read them. For API keys and other credentials, use secrets instead: the sandbox only ever holds a stand-in token, and the real value is attached to outbound requests.

const sandbox = await Sandbox.create({
  name: "data-analyzer",
  envVars: {
    OPENAI_API_KEY: "sk-...",
    DATABASE_URL: "postgres://...",
    NODE_ENV: "production",
  },
})

const result = await sandbox.commands.run("echo $NODE_ENV")
console.log(result.stdout)  // "production\n"

Per-command overrides

The env option on commands.run() adds to or overrides the sandbox-wide env for a single command.

const result = await sandbox.commands.run("echo $NODE_ENV", {
  env: { NODE_ENV: "staging" },
})
console.log(result.stdout)  // "staging\n"

Values pass through unmodified - no shell expansion or interpolation. Escape $ and special characters yourself if needed.

Network log

Secrets

​Per-command overrides

Per-command overrides