|
| 1 | +--- |
| 2 | +title: "Secrets" |
| 3 | +description: "Environment variables & secrets access in dev environments" |
| 4 | +--- |
| 5 | + |
| 6 | +Open-SWE securely manages your API keys and environment variables with AES-256-GCM encryption. |
| 7 | + |
| 8 | +## How Your API Keys Are Protected |
| 9 | + |
| 10 | +Your API keys are encrypted both in transit and at rest: |
| 11 | + |
| 12 | +1. **Frontend**: Temporarily stored in browser localStorage |
| 13 | +2. **Transit**: Encrypted before sending to backend |
| 14 | +3. **Backend**: Stored encrypted in database |
| 15 | +4. **Runtime**: Decrypted only when needed |
| 16 | + |
| 17 | +<Accordion title="Technical Encryption Details"> |
| 18 | + - **Algorithm**: [AES-256-GCM](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf) (authenticated encryption) |
| 19 | + - **Key Derivation**: SHA-256 hash of system `SECRETS_ENCRYPTION_KEY` |
| 20 | + - **IV Generation**: Random 12-byte initialization vector per encryption |
| 21 | + - **Authentication**: 16-byte authentication tag prevents tampering |
| 22 | +</Accordion> |
| 23 | + |
| 24 | +## Types of Environment Variables |
| 25 | + |
| 26 | +**System Variables** (for self-hosting): |
| 27 | +- Examples: `DAYTONA_API_KEY`, `SECRETS_ENCRYPTION_KEY`, `GITHUB_APP_PRIVATE_KEY` |
| 28 | +- Access: Server-side only, never exposed to users or sandboxes |
| 29 | + |
| 30 | +**User Variables** (your personal keys): |
| 31 | +- Examples: `ANTHROPIC_API_KEY`, `MY_DATABASE_URL`, `STRIPE_TEST_KEY` |
| 32 | +- Access: Controlled via settings page, encrypted storage |
| 33 | + |
| 34 | +## Sandbox Access Control |
| 35 | + |
| 36 | +**By default, your API keys are never exposed to sandbox environments.** They're only used for LLM initialization and system setup. |
| 37 | + |
| 38 | +To enable keys in development servers (for testing LangGraph agents, Next.js apps, etc.): |
| 39 | + |
| 40 | +1. Manually toggle "Include in Dev Server" for each key |
| 41 | +2. Key becomes available as environment variable in sandbox |
| 42 | +3. You control which keys are exposed |
| 43 | + |
| 44 | +<Note> |
| 45 | + Use separate development API keys with limited permissions instead of production keys when enabling sandbox access. |
| 46 | +</Note> |
| 47 | + |
| 48 | +## Security & Isolation |
| 49 | + |
| 50 | +Each session runs in an isolated Daytona container that: |
| 51 | +- Cannot access other user sessions |
| 52 | +- Automatically deletes after 15 minutes of inactivity |
| 53 | +- Has no persistent storage across sessions |
| 54 | + |
| 55 | +<Accordion title="Detailed Isolation Features"> |
| 56 | + - **Container**: Separate container per user session |
| 57 | + - **File System**: No shared file systems between containers |
| 58 | + - **Process**: Sandboxed processes cannot access host system |
| 59 | + - **Network**: Containers cannot communicate with each other |
| 60 | + - **Temporal**: Fresh environment for each session |
| 61 | +</Accordion> |
| 62 | + |
| 63 | +<Warning> |
| 64 | + When enabling "Include in Dev Server", the AI agent may inadvertently expose environment variables in generated code or logs. Only enable when necessary. |
| 65 | +</Warning> |
| 66 | + |
| 67 | +## Best Practices |
| 68 | + |
| 69 | +- Use minimum required permissions for each API key |
| 70 | +- Regularly rotate your API keys |
| 71 | +- Use separate development keys instead of production keys for sandbox access |
| 72 | +- Only enable "Include in Dev Server" when necessary |
| 73 | +- Never enable sandbox access for production database credentials |
| 74 | +- Review generated code for exposed environment variables before deploying |
| 75 | +- Monitor "Last Used" timestamps in settings |
0 commit comments