> ## Documentation Index
> Fetch the complete documentation index at: https://opensandbox-oc-s-762ac928075c46d2828bcb22.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Secret Stores

> Manage secrets and egress control

## `await SecretStore.create(**kwargs)`

Create a new secret store.

```python theme={null}
from opencomputer import SecretStore

store = await SecretStore.create(
    name='my-agent-secrets',
    egress_allowlist=['api.anthropic.com'],
)
```

<ParamField body="name" type="str" required>
  Store name (unique per organization)
</ParamField>

<ParamField body="egress_allowlist" type="list[str] | None">
  Allowed egress hosts
</ParamField>

**Returns:** `dict`

***

## `await SecretStore.list(**kwargs)`

**Returns:** `list[dict]`

## `await SecretStore.get(store_id, **kwargs)`

<ParamField body="store_id" type="str" required>
  UUID of the secret store
</ParamField>

**Returns:** `dict`

***

## `await SecretStore.update(store_id, **kwargs)`

Partial updates — only the fields you pass are changed.

```python theme={null}
updated = await SecretStore.update(
    'store-uuid',
    name='new-name',
    egress_allowlist=['api.anthropic.com', '*.openai.com'],
)
```

<ParamField body="store_id" type="str" required>
  UUID of the store to update
</ParamField>

<ParamField body="name" type="str">
  New store name
</ParamField>

<ParamField body="egress_allowlist" type="list[str] | None">
  New allowed egress hosts
</ParamField>

**Returns:** `dict`

***

## `await SecretStore.delete(store_id, **kwargs)`

Deletes the store and all its secrets. Running sandboxes are not affected.

**Returns:** `None`

***

## `await SecretStore.set_secret(store_id, name, value, **kwargs)`

Set a secret. Encrypted at rest, never returned by API.

```python theme={null}
await SecretStore.set_secret('store-uuid', 'ANTHROPIC_API_KEY', 'sk-ant-...')

# Optionally restrict to specific hosts:
await SecretStore.set_secret(
    'store-uuid', 'ANTHROPIC_API_KEY', 'sk-ant-...',
    allowed_hosts=['api.anthropic.com'],
)
```

<ParamField body="store_id" type="str" required>
  UUID of the secret store
</ParamField>

<ParamField body="name" type="str" required>
  Secret name (env var name in sandboxes)
</ParamField>

<ParamField body="value" type="str" required>
  Secret value
</ParamField>

<ParamField body="allowed_hosts" type="list[str] | None">
  Restrict to specific hosts
</ParamField>

**Returns:** `None`

***

## `await SecretStore.list_secrets(store_id, **kwargs)`

Returns metadata only. Values are never exposed.

**Returns:** `list[dict]`

## `await SecretStore.delete_secret(store_id, name, **kwargs)`

**Returns:** `None`

***

## Using Secrets with Sandboxes

```python theme={null}
sandbox = await Sandbox.create(
    secret_store='my-agent-secrets',
    timeout=600,
)

# Secrets are available as sealed env vars
result = await sandbox.commands.run('echo $ANTHROPIC_API_KEY')
# stdout: "osb_sealed_abc123..." (sealed, not the real key)

# Outbound HTTPS requests get the real value substituted by the proxy
api_result = await sandbox.commands.run(
    'curl -s https://api.anthropic.com/v1/messages -H "x-api-key: $ANTHROPIC_API_KEY" ...'
)
```

## Using Secrets with Snapshots and Checkpoints

### Snapshot template with secrets

Attach a secret store when creating a sandbox from a pre-built snapshot — even if the snapshot was built without one:

```python theme={null}
from opencomputer import Sandbox, Snapshots, Image

# Pre-build a snapshot with dependencies
snapshots = Snapshots()
await snapshots.create(
    name='data-pipeline',
    image=Image.base().apt_install(['python3-pip']).pip_install(['pandas']),
)

# Create sandboxes from the snapshot, each with their own credentials
worker1 = await Sandbox.create(
    snapshot='data-pipeline',
    secret_store='worker-1-keys',
)
worker2 = await Sandbox.create(
    snapshot='data-pipeline',
    secret_store='worker-2-keys',
)
```

### Checkpoint fork with secrets

Attach or layer a secret store when forking from a checkpoint:

```python theme={null}
# Bake a base environment with git credentials
base = await Sandbox.create(secret_store='git-creds')
await base.exec.run('git clone https://github.com/org/repo /app')
cp = await base.create_checkpoint('repo-cloned')

# Fork with different credentials per sandbox (layered on top of git-creds)
worker = await Sandbox.create_from_checkpoint(
    cp['id'],
    secret_store='worker-keys',  # layered on top of git-creds
)
```

When layered, secrets merge (fork's store wins on collision) and egress allowlists aggregate.
