Skip to content

Commit 6488f49

Browse files
dvdksnclaude
andauthored
sbx: document 1Password op run pattern for per-launch credential injection (#25274)
## Summary - Splits the "Sourcing credentials from 1Password" section in `workflows.md` into two subsections: one for persistent setup via `op read | sbx secret set`, one for per-launch injection via `op run -- sbx run <agent>` - The `op run` pattern resolves `op://` references at launch time without storing anything; works because `sbx` reads the built-in service env vars (`ANTHROPIC_API_KEY`, `OPENAI_API_KEY`, etc.) from the host environment — not arbitrary vars - Includes a `.env` file variant for injecting multiple credentials at once - Adds a 1Password bullet to the Best practices section in `credentials.md` linking back to the new workflows section 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent 5499d25 commit 6488f49

2 files changed

Lines changed: 38 additions & 2 deletions

File tree

content/manuals/ai/sandboxes/security/credentials.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -311,6 +311,9 @@ The proxy reads the variable from your terminal session. See individual
311311
- For Claude Code and Codex, OAuth is another secure option: the flow runs on
312312
the host, so the token is never exposed inside the sandbox. For Claude Code,
313313
use `/login` inside the agent. For Codex, run `sbx secret set -g openai --oauth`.
314+
- If you store credentials in 1Password, see
315+
[Sourcing credentials from 1Password](../workflows.md#sourcing-credentials-from-1password)
316+
for how to use `op read` and `op run` with `sbx`.
314317

315318
## Custom templates and placeholder values
316319

content/manuals/ai/sandboxes/workflows.md

Lines changed: 35 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -259,8 +259,10 @@ the full reference.
259259

260260
### Sourcing credentials from 1Password
261261

262-
If you store credentials in 1Password, use `op read` to populate `sbx` secrets
263-
without pasting values manually:
262+
#### Populating stored secrets with `op read`
263+
264+
Use `op read` to populate stored secrets without pasting values manually. Store
265+
the value once and it's available to all future sandboxes:
264266

265267
```console
266268
$ op read "op://Work/GitHub/token" | sbx secret set -g github
@@ -270,6 +272,37 @@ $ op read "op://Work/Anthropic/credential" | sbx secret set -g anthropic
270272
The real value stays on your host; the sandbox sees the proxy-managed
271273
placeholder as usual.
272274

275+
#### Per-launch injection with `op run`
276+
277+
To resolve credentials fresh from your vault on each launch without storing
278+
them via `sbx secret set`, use `op run`:
279+
280+
```console
281+
$ ANTHROPIC_API_KEY="op://Work/Anthropic/credential" op run -- sbx run claude
282+
$ OPENAI_API_KEY="op://Work/OpenAI/key" op run -- sbx run codex
283+
$ GEMINI_API_KEY="op://Work/Google/key" op run -- sbx run gemini
284+
```
285+
286+
`op run` resolves each `op://` reference in the environment before executing
287+
`sbx`. The sandbox reads the
288+
[built-in service environment variables](security/credentials.md#built-in-services)
289+
at launch and routes them through its proxy — the credential is never stored in
290+
sbx's state and never appears inside the sandbox container.
291+
292+
This only applies to those specific credential variables. The sandbox does not
293+
forward arbitrary environment variables from the host into the sandbox.
294+
295+
For multiple credentials at once, use `--env-file` with a file of `op://`
296+
references:
297+
298+
```console
299+
$ cat .sbx-secrets.env
300+
ANTHROPIC_API_KEY=op://Work/Anthropic/credential
301+
GITHUB_TOKEN=op://Work/GitHub/token
302+
303+
$ op run --env-file=.sbx-secrets.env -- sbx run claude
304+
```
305+
273306
## CI and headless use
274307

275308
For CI environments and scripts where a browser isn't available, authenticate

0 commit comments

Comments
 (0)