# OpenSandbox Credential Vault The Credential Vault is [[OpenSandbox]]'s host-side secret store, and the platform's most distinctive security feature for AI-agent workloads. The host SDK writes real credentials to an egress sidecar; the sandbox only ever sees dummy values. The sidecar does transparent MITM on outbound HTTPS and injects the real secret (`Authorization: Bearer`, `x-api-key`, Basic auth, etc.) based on precise host/port/method/path bindings. The vault is reachable only over a Unix socket the sandbox can't access. The point: an agent (or injected prompt) running inside the sandbox can make authenticated calls without ever being able to read or exfiltrate the actual credentials. The egress sidecar also enforces network policy with DNS filtering and optional nftables enforcement of resolved IPs. ## Related - [[OpenSandbox]] - [[Docker Sandboxes]] - [[AI Agents]] - [[Agentic Engineering]]