docs(sandboxes): credentials#25468
Draft
dvdksn wants to merge 1 commit into
Draft
Conversation
✅ Deploy Preview for docsdocker ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
3 tasks
docker-agent
left a comment
Contributor
There was a problem hiding this comment.
Assessment: 🟢 APPROVE
2 style/completeness findings in credentials.md. All agent pages and troubleshooting.md are clean.
2df2dc4 to
4b163b0
Compare
ac5d854 to
a288fc0
Compare
Contributor
Author
|
/review |
Contributor
|
👋 Heads up: The |
dvdksn
added a commit
to dvdksn/docs
that referenced
this pull request
Jul 3, 2026
Document the credential bindings model for third-party schemaVersion 2 kits: credentials.yaml format, first-run approval flow, which kits require a binding, and fail-closed mode. Built-in agents are authorized by provenance and never need a binding. Stacked on top of the credentials base changes in docker#25468. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Remove the environment variables section. Exporting API keys in your host shell is no longer a supported authentication path. - Document `sbx secret import` for moving API keys from environment variables into the keychain, with flags for non-interactive use (`--all`), overwriting (`--force`), and dry-run preview. - Lead the get-started authentication section with OAuth as the primary path for Claude Code, pointing to the credentials page for API keys. - Move CI credential setup to the workflows page, using `sbx secret import --all` and cross-referencing the built-in services table. - Revert agent-page language describing a first-run credential prompt that no longer applies to built-in agents. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ef515d4 to
12aa7c3
Compare
dvdksn
added a commit
to dvdksn/docs
that referenced
this pull request
Jul 3, 2026
Document the credential bindings model for third-party schemaVersion 2 kits: credentials.yaml format, first-run approval flow, which kits require a binding, and fail-closed mode. Built-in agents are authorized by provenance and never need a binding. Stacked on top of the credentials base changes in docker#25468. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Updates the credentials documentation for Docker Sandboxes:
sbx secret setorsbx secret importinstead.sbx secret importdocumentation: imports recognized API key environment variables from your shell into the keychain in one step, with flags for non-interactive use (--all), overwriting (--force), and dry-run preview.What's not in this PR
The credential bindings /
credentials.yaml/ first-run approval flow for third-party kit authors lands alongside the schemaVersion 2 kit docs in companion PR #25467.