oshu vault
A secure proxy for AI sandboxes that keeps your credentials outside — replacing sealed tokens just-in-time as traffic exits.
You’re building an AI agent. It generates code — and you need to run it.
You can’t run it on your own server. It could easily go wrong. So you put it in a sandbox — an isolated environment to protect yourself from untrusted code.
Except now the code needs access to secrets to do anything useful.
In solving one problem, you’ve created many more.
Every solution you’d naturally reach for has the same fundamental flaw.
sandbox terminal
$ echo $ANTHROPIC_API_KEY sk-ant-api03-a1b2c3d4e5f6... $ echo $DATABASE_URL postgres://admin:s3cret@prod.db:5432 # any process in the sandbox can read env vars $ env | grep KEY ANTHROPIC_API_KEY=sk-ant-api03-a1b2c3d4e5f6... GITHUB_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxx
EXPOSED
—
Any code can read them
Secrets are loaded as plain environment variables. Any code in the sandbox — including malicious dependencies — can read them with a single command.
Secrets live outside the sandbox entirely. All outbound traffic routes through the proxy, which replaces sealed tokens with real credentials just-in-time.
Your Sandbox
API_KEY=SEALED_a7f3b2e1c9d8``DB_URL=SEALED_e4c1d8f2a3b7``HTTPS_PROXY=https://vault.oshu.dev
No real secrets here
all traffic routed through proxy
Oshu Vault
1. Intercepts HTTPS traffic2. Replaces sealed tokens with real values3. Enforces egress policy & secret scoping
Secrets stored here only
real credentials injected
External Services
api.anthropic.com``api.github.com``db.example.com