Typical flow
SecretBuilder
Fluent builder for one secret’s placeholder, allowed hosts, and injection scopes. Obtained throughSandboxBuilder.secret(s => ...) or NetworkBuilder.secret(s => ...); each secret maps an environment variable to a real value that is only revealed when traffic reaches an allowed host through the TLS proxy. Every setter returns the same builder so calls can be chained. env(), value(), and at least one allowed host are required; build() throws otherwise. Adding any secret automatically enables TLS interception.
.env()
$MSB_<varName> (or a custom placeholder), never the real value. Names must be non-empty and cannot contain = or NUL; shell-identifier syntax is not required. Required.
Parameters
varNamestringEnvironment variable name (non-empty, no
= or NUL)..value()
Parameters
valuestringThe actual credential or token.
.placeholder()
$MSB_<envVar>. Use this when you need a specific format or when the placeholder must match a particular byte length. Placeholders must be non-empty, at most 1024 bytes, and cannot contain NUL, CR, or LF.
Parameters
placeholderstringCustom placeholder string: non-empty, up to 1024 bytes, no NUL/CR/LF.
.allowHost()
Example
Example
Parameters
hoststringExact hostname, e.g.
“api.example.com” (ASCII case-insensitive)..allowHostPattern()
*.suffix pattern matches the suffix itself and any single-or-multi label subdomain of it.
Parameters
patternstringWildcard pattern, e.g.
“*.googleapis.com”..allowAnyHostDangerous()
iUnderstand is true. Only use this when the secret is not sensitive or the sandbox network is fully locked down. This is the one allow-list pattern that skips DNS and TLS-identity pinning.
Parameters
iUnderstandbooleanMust be
true to take effect..requireTlsIdentity()
true, the secret is only substituted on TLS-intercepted connections where the proxy has verified it is performing MITM and the SNI matches an allowed host. Bypassed TLS is opaque and never receives substitution. Disable only when you know the traffic path is safe and explicitly supports non-TLS substitution. Default: true.
Parameters
enabledbooleanRequire verified TLS identity. Default:
true..injectHeaders()
Authorization: Bearer $MSB_... and similar patterns. Default: true.
Parameters
enabledbooleanSubstitute in headers. Default:
true..injectBasicAuth()
Authorization: Basic <base64> credentials are decoded, substituted in the decoded user:password, then re-encoded. Orthogonal to injectHeaders: this flag handles the encoded-credentials case for the Basic scheme; injectHeaders handles literal substitution in any header line, including non-Basic Authorization schemes (Bearer, Digest). Default: true.
Parameters
enabledbooleanSubstitute inside Basic Auth credentials. Default:
true..injectQuery()
?key=value portion of the request line). Default: false.
Parameters
enabledbooleanSubstitute in query parameters. Default:
false..injectBody()
false.
Parameters
enabledbooleanSubstitute in request bodies. Default:
false..onViolation()
Example
Example
ViolationActionBuilder for the full set of block* and passthrough* methods.
Passthrough hosts do not receive the real secret value; substitution still only happens for hosts configured with allowHost() or allowHostPattern(). When a per-secret passthrough policy does not match the request host, microsandbox falls back to the sandbox-wide secret violation action.
Parameters
Configure the per-secret violation action.
.build()
SecretEntry. Called for you by SandboxBuilder.secret, so you rarely call it directly. If placeholder was not set, it defaults to $MSB_<envVar>. Throws a MicrosandboxError if env or value was not set, or if the allow-list is empty.
Returns
The materialized secret entry.
ViolationActionBuilder
Fluent builder for the action taken when a secret placeholder is sent to a disallowed host. Obtained through the closure passed toSecretBuilder.onViolation(v => ...) (per-secret) or NetworkBuilder.onSecretViolation(v => ...) (sandbox-wide). The terminal block* methods set the base action; the passthrough* methods carve out hosts that get the placeholder forwarded unchanged.
.block()
.blockAndLog()
.blockAndTerminate()
.passthroughHost()
block* action.
Parameters
hoststringExact hostname to forward unchanged.
.passthroughHostPattern()
Parameters
patternstringWildcard pattern, e.g.
“*.internal.example.com”..passthroughAllHosts()
iUnderstand is true. The real value is still never substituted on these hosts; this only stops the request from being dropped.
Parameters
iUnderstandbooleanMust be
true to take effect.SandboxBuilder shorthand
Two methods onSandboxBuilder for adding secrets without reaching into a NetworkBuilder. Both automatically enable TLS interception.
.secret()
Example
Example
SecretBuilder closure. The builder’s build() is called for you.
Parameters
configure(s: SecretBuilder) => SecretBuilderConfigure the secret.
.secretEnv()
Example
Example
$MSB_<envVar> and allows substitution only on allowedHost. The default injection scopes apply (headers and Basic Auth enabled, query and body disabled).
Parameters
envVarstringEnvironment variable name (non-empty, no
= or NUL).valuestringSecret value.
allowedHoststringAllowed destination host (exact match).
NetworkBuilder shorthand
The same secret configuration is available insideSandboxBuilder.network(n => ...) for callers who are already configuring networking. These methods set the secrets and the sandbox-wide violation policy directly on the network.
.secret()
Example
Example
SecretBuilder closure. Identical in behavior to SandboxBuilder.secret.
Parameters
configure(s: SecretBuilder) => SecretBuilderConfigure the secret.
.secretEnv()
SandboxBuilder form but lets you provide the placeholder explicitly instead of auto-generating $MSB_<envVar>.
Parameters
envVarstringEnvironment variable name (non-empty, no
= or NUL).valuestringSecret value.
placeholderstringExplicit placeholder: non-empty, up to 1024 bytes, no NUL/CR/LF.
allowedHoststringAllowed destination host (exact match).
.secretEnvSimple()
NetworkBuilder. Auto-generates the placeholder as $MSB_<envVar>, matching SandboxBuilder.secretEnv.
Parameters
envVarstringEnvironment variable name (non-empty, no
= or NUL).valuestringSecret value.
allowedHoststringAllowed destination host (exact match).
.onSecretViolation()
Example
Example
SecretBuilder.onViolation overrides this for the secret it is set on. See ViolationActionBuilder for the available actions.
Parameters
Configure the sandbox-wide violation action.
Types
SecretEntry
Returned by SecretBuilder.build()
The object produced bySecretBuilder.build(). You normally construct one with the builder, but the shape is available for callers that prefer plain objects.
| Field | Type | Description |
|---|---|---|
envVar | string | Environment variable name (non-empty, no = or NUL) |
value | string | Real secret value (stays on the host) |
placeholder | string | null | Custom placeholder: non-empty, up to 1024 bytes, no NUL/CR/LF; defaults to $MSB_<envVar> when null |
allowedHosts | readonly string[] | Allowed hosts (exact match) |
allowedHostPatterns | readonly string[] | Wildcard host patterns |
allowAnyHost | boolean | Permit substitution to any host |
requireTlsIdentity | boolean | Require verified TLS identity before substituting |
injection | SecretInjection | Where in the request the value may be substituted |
SecretInjection
Used by SecretEntry.injection
Controls where the TLS proxy substitutes the placeholder with the real value. Each field is optional; omitted fields use the default. Set through theinject* methods on SecretBuilder.
| Field | Type | Default | Description |
|---|---|---|---|
headers? | boolean | true | Replace the placeholder anywhere in HTTP headers. |
basicAuth? | boolean | true | Decode Authorization: Basic <base64> credentials, substitute in the decoded user:password, and re-encode. Other schemes (Bearer, Digest) are handled by headers. |
queryParams? | boolean | false | Replace the placeholder in URL query parameters. |
body? | boolean | false | Replace the placeholder in request bodies when microsandbox can inspect and rewrite them safely. Encoded bodies are forwarded unchanged, and body placeholders in unsupported body formats are blocked instead of being leaked. |
ViolationAction
Built by ViolationActionBuilder
The string identifier for the base action taken when a secret placeholder is sent to a disallowed host. Configured throughViolationActionBuilder (via SecretBuilder.onViolation or NetworkBuilder.onSecretViolation). The ViolationActions array enumerates all values.
| Value | Builder method | Description |
|---|---|---|
'block' | block() | Silently drop the request. The guest sees a connection reset. This is the default. |
'block-and-log' | blockAndLog() | Drop the request and emit a warning log on the host side. |
'block-and-terminate' | blockAndTerminate() | Drop the request, log an error, and shut down the entire sandbox. |
'passthrough' | passthroughHost() / passthroughHostPattern() / passthroughAllHosts() | Forward matching hosts with the placeholder unchanged. Non-matching hosts use the base block action. |