Secrets Manager lets agents running inside Daytona sandboxes use credentials without ever seeing the real values. Secrets are injected into the sandbox at runtime and masked from the agent, so the agent can authenticate to external systems while the underlying values stay hidden.
Runtime secret injection
Running AI-generated code against production systems requires credentials such as API keys, database passwords, and access tokens. When those values are placed directly in code or environment variables the agent can read, the agent can also copy, log, or exfiltrate them, which is a significant risk when the code itself is generated and not fully trusted.
Secrets Manager separates access from visibility. The sandbox holds the credentials it needs to make authenticated calls, but the agent operating inside it cannot read the raw values. This narrows the exposure of production secrets when running untrusted or AI-generated code.
How secrets work
Runtime injection: Secrets are supplied to the sandbox at execution time rather than stored in code or the image.
Value masking: The agent can reference and use a secret, but the real value is masked and never returned to the agent.
Scoped access: Secrets are managed per organization and made available only to the sandboxes that need them.
Get started
Secrets are available to all Daytona organizations. Read the documentation to get started.
Create a secret
1from daytona import CreateSecretParams, Daytona23daytona = Daytona()45secret = daytona.secret.create(CreateSecretParams(6 name="my-secret",7 value="secret-value",8 description="Optional description",9 hosts=["api.example.com"],10))
Use a secret in a sandbox
1from daytona import CreateSandboxFromSnapshotParams, Daytona23daytona = Daytona()45sandbox = daytona.create(CreateSandboxFromSnapshotParams(6 language="python",7 secrets={8 "MY_API_KEY": "my-secret",9 },10))