Skip to content

docs(sandboxes): credentials#25468

Draft
dvdksn wants to merge 1 commit into
docker:mainfrom
dvdksn:sandboxes-credential-bindings
Draft

docs(sandboxes): credentials#25468
dvdksn wants to merge 1 commit into
docker:mainfrom
dvdksn:sandboxes-credential-bindings

Conversation

@dvdksn

@dvdksn dvdksn commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Summary

Updates the credentials documentation for Docker Sandboxes:

  • Removes the environment variables section. Exporting API keys in your host shell is no longer a supported authentication path; use sbx secret set or sbx secret import instead.
  • Adds sbx secret import documentation: imports recognized API key environment variables from your shell into the keychain in one step, with flags for non-interactive use (--all), overwriting (--force), and dry-run preview.
  • Lightens the get-started authentication section to lead with OAuth as the primary path for Claude Code, pointing to the credentials page for API key setup.
  • Reverts agent pages that previously described a first-run credential prompt that no longer applies to built-in agents.

What's not in this PR

The credential bindings / credentials.yaml / first-run approval flow for third-party kit authors lands alongside the schemaVersion 2 kit docs in companion PR #25467.

@netlify

netlify Bot commented Jun 30, 2026

Copy link
Copy Markdown

Deploy Preview for docsdocker ready!

Name Link
🔨 Latest commit 12aa7c3
🔍 Latest deploy log https://app.netlify.com/projects/docsdocker/deploys/6a478b6aba161100080df0f5
😎 Deploy Preview https://deploy-preview-25468--docsdocker.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@docker-agent docker-agent left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assessment: 🟢 APPROVE

2 style/completeness findings in credentials.md. All agent pages and troubleshooting.md are clean.

Comment thread content/manuals/ai/sandboxes/security/credentials.md Outdated
Comment thread content/manuals/ai/sandboxes/security/credentials.md Outdated
@dvdksn dvdksn force-pushed the sandboxes-credential-bindings branch 2 times, most recently from 2df2dc4 to 4b163b0 Compare July 1, 2026 06:12
@dvdksn dvdksn added this to the sbx/future milestone Jul 2, 2026
@dvdksn dvdksn changed the title docs(sandboxes): credential bindings and first-run approval docs(sandboxes): update credential docs for built-in agent changes Jul 3, 2026
@dvdksn dvdksn force-pushed the sandboxes-credential-bindings branch from ac5d854 to a288fc0 Compare July 3, 2026 09:46
@dvdksn dvdksn changed the title docs(sandboxes): update credential docs for built-in agent changes docs(sandboxes): credentials Jul 3, 2026
@dvdksn

dvdksn commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

/review

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

👋 Heads up: The /review command is deprecated. Please re-request a review from docker-agent in the PR sidebar instead.

@dvdksn dvdksn requested a review from docker-agent July 3, 2026 10:10
dvdksn added a commit to dvdksn/docs that referenced this pull request Jul 3, 2026
Document the credential bindings model for third-party schemaVersion 2
kits: credentials.yaml format, first-run approval flow, which kits
require a binding, and fail-closed mode. Built-in agents are authorized
by provenance and never need a binding.

Stacked on top of the credentials base changes in docker#25468.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Remove the environment variables section. Exporting API keys in your
  host shell is no longer a supported authentication path.
- Document `sbx secret import` for moving API keys from environment
  variables into the keychain, with flags for non-interactive use
  (`--all`), overwriting (`--force`), and dry-run preview.
- Lead the get-started authentication section with OAuth as the primary
  path for Claude Code, pointing to the credentials page for API keys.
- Move CI credential setup to the workflows page, using `sbx secret
  import --all` and cross-referencing the built-in services table.
- Revert agent-page language describing a first-run credential prompt
  that no longer applies to built-in agents.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@dvdksn dvdksn force-pushed the sandboxes-credential-bindings branch from ef515d4 to 12aa7c3 Compare July 3, 2026 10:14
dvdksn added a commit to dvdksn/docs that referenced this pull request Jul 3, 2026
Document the credential bindings model for third-party schemaVersion 2
kits: credentials.yaml format, first-run approval flow, which kits
require a binding, and fail-closed mode. Built-in agents are authorized
by provenance and never need a binding.

Stacked on top of the credentials base changes in docker#25468.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants