sbx secret set-custom
| Description | Create or update a custom secret |
|---|---|
| Usage | sbx secret set-custom [-g | sandbox] [flags] |
Description
Create or update a custom secret for a service not built into sbx.
Custom secrets work via a placeholder: the sandbox sees the placeholder value instead of the real secret. When the sandbox makes an outbound request to the target host, the proxy replaces the placeholder with the real secret in the request headers — the secret never enters the sandbox directly.
Secrets can be scoped globally (shared across all sandboxes) or to a specific sandbox.
Options
| Option | Default | Description |
|---|---|---|
--env | Set this env var in the sandbox to the placeholder value | |
-g, --global | Use global secret scope | |
--host | Host or IP address | |
--placeholder | Placeholder value; use {rand} for a random suffix (e.g. sk-{rand}) | |
-t, --token | Secret value (less secure: visible in shell history) | |
--value | Secret value (less secure: visible in shell history) |
Global options
| Option | Default | Description |
|---|---|---|
-D, --debug | Enable debug logging |
Examples
# Create a global custom secret. A unique placeholder is generated automatically.
# The sandbox env var API_KEY is set to the placeholder value; outbound requests
# to the host have the placeholder replaced with the real secret.
sbx secret set-custom -g --host api.example.com --env API_KEY --value secret123
# Scope to a specific sandbox instead of globally.
sbx secret set-custom my-sandbox --host api.example.com --env API_KEY --value secret123
# Custom placeholder with {rand} suffix; the CLI prints the generated value.
sbx secret set-custom -g --host api.example.com --placeholder sk-{rand} --value secret123