Secrets

Hive has no separate secrets management system. Sensitive values — API keys, tokens, credentials — are passed directly to the sandbox as environment variables via SandboxConfig.env, or injected transparently into outbound requests via egress.override. You manage secrets in your own environment or vault and supply them at provisioning time.

Environment variables

Pass secrets in the env field when creating a sandbox. Each key-value pair becomes an environment variable available to every process running inside:

index.ts
import { getOrCreateSandbox } from "hive";

const sandbox = await getOrCreateSandbox("my-sandbox", {
  image: "hive/claude-code:latest",
  env: {
    ANTHROPIC_API_KEY: process.env.ANTHROPIC_API_KEY!,
    GITHUB_TOKEN: process.env.GITHUB_TOKEN!,
  },
  fs: [{ backend: "local", mount: "/workspace", acls: [{ path: "/workspace/**", access: "rw" }] }],
  egress: [{ access: "allow", host: "api.anthropic.com" }],
});
// Inside the sandbox: process.env.ANTHROPIC_API_KEY is available

The values are sourced from your host environment (or vault) at call time — they are never hardcoded in your application.

Immutability

env is set once at sandbox creation and cannot be changed afterward. If you need to rotate a key, create a new sandbox with the updated value.

index.ts
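import { getOrCreateSandbox } from "hive";

// To rotate a key, provision a fresh sandbox.
// Assumes the rotated value has already been placed in your host environment (or fetched from your vault).
const rotatedKey = process.env.ANTHROPIC_API_KEY!;

const sandbox = await getOrCreateSandbox("my-sandbox-v2", {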
  image: "hive/claude-code:latest",
  env: {
    ANTHROPIC_API_KEY: rotatedKey,
  },
  fs: [{ backend: "local", mount: "/workspace", acls: [{ path: "/workspace/**", access: "rw" }] }],
  egress: [{ access: "allow", host: "api.anthropic.com" }],
});

Egress override

Use egress.override to inject credentials into outbound requests without exposing the values to the agent. The agent makes requests to the target host as normal; the network proxy attaches the configured headers or query parameters transparently before forwarding the request.

index.ts
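import { getOrCreateSandbox } from "hive";

// The header value is read on the host and handed to the proxy; it is not placed in the sandbox's env.
const sandbox = await getOrCreateSandbox("my-sandbox", {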
  fs: [{ backend: "local", mount: "/workspace", acls: [{ path: "/workspace/**", access: "rw" }] }],
  egress: [{
    access: "allow",
    host: "api.finnhub.io",
    override: {
      headers: { "X-Finnhub-Token": process.env.FINNHUB_API_KEY! },
      // or query params:
      // query: { api_key: process.env.API_KEY! },
    },
  }],
});

The agent can call api.finnhub.io freely but never sees the token value — it is applied by the proxy after the request leaves the sandbox. This is useful when you want to give an agent access to a third-party API without placing the key in the agent's context or environment.

| Field | Type | Description |
| --- | --- | --- |
| override.headers | Record<string, string> | Headers to attach to every matching outbound request. |
| override.query | Record<string, string> | Query parameters to append to every matching outbound request. |

See Network Access for the full egress rule reference.
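
The snippets above read secrets with process.env.X!, which only suppresses the type check. The following is an added example, not part of Hive or its documentation: a host-side helper that resolves every secret before provisioning, fails with the names (never the values) of any that are unset, and keeps agent-visible env values separate from proxy-only override headers. The names Source, SecretPlan, EgressRule, take and buildSecretConfig are hypothetical; only the env / egress / override.headers shape comes from this page.

```typescript
// Added example, not Hive code. Only the env / egress / override.headers shape
// comes from the page; every type and function name below is hypothetical.
type Source = Record<string, string | undefined>;

interface EgressRule {
  access: "allow";
  host: string;
  override: { headers: Record<string, string> };
}

interface SecretPlan {
  env: string[]; // variables the agent reads directly (seen by every process)
  proxied: { host: string; headers: { header: string; from: string }[] }[];
}

// Look up one variable; record its NAME, never its value, when unset or blank.
function take(source: Source, name: string, missing: string[]): string {
  const value = source[name];
  if (value === undefined || value.trim() === "") {
    missing.push(name);
    return "";
  }
  return value;
}

function buildSecretConfig(
  source: Source,
  plan: SecretPlan,
): { env: Record<string, string>; egress: EgressRule[] } {
  const missing: string[] = [];
  const env: Record<string, string> = {};
  for (const name of plan.env) env[name] = take(source, name, missing);

  const egress: EgressRule[] = [];
  for (const rule of plan.proxied) {
    const headers: Record<string, string> = {};
    for (const h of rule.headers) headers[h.header] = take(source, h.from, missing);
    egress.push({ access: "allow", host: rule.host, override: { headers } });
  }

  // `process.env.X!` only silences the compiler; the value can still be
  // undefined at runtime, so fail here, before provisioning.
  if (missing.length > 0) throw new Error("missing secrets: " + missing.join(", "));
  return { env, egress };
}
```

Pass process.env (or the output of your vault client) as source, then spread the returned env and egress into the config object given to getOrCreateSandbox alongside image and fs.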

