Container Use provides secure secret management for agents working with sensitive data like API keys, database credentials, and authentication tokens. Secrets are resolved within the container environment - agents can use your credentials without the AI model ever seeing the actual values.
How It Works
When you configure secrets, Container Use:
- Stores secret references in your configuration (agents only see
op://vault/item/field, not actual values)
- Resolves references dynamically when commands run and injects actual values as environment variables in the container
- Strips secrets from logs and command outputs to prevent leaks
- Prevents easy extraction by agents (e.g.,
echo $API_KEY won’t show in logs)
This means:
- ✅ Your application code can access secrets normally
- ✅ Agents can run your code that uses secrets
- ❌ The AI model never sees actual secret values
- ❌ Secrets don’t appear in chat logs or model context
Secrets are configured per-project and apply to all new environments. Existing environments continue using their original configuration.
Secret Types
Container Use supports four secure secret reference formats:
🔐 1Password
🌍 Environment Variables
🏛️ HashiCorp Vault
📁 File References
Access secrets stored in 1Password vaults using the op:// schema:# Basic format: op://vault/item/field
container-use config secret set API_KEY "op://vault/item/field"
container-use config secret set DB_PASSWORD "op://production/database/password"
container-use config secret set JWT_SECRET "op://team-vault/auth-service/jwt_secret"
Reference secrets from your local environment using the env:// schema:# Basic format: env://VARIABLE_NAME
container-use config secret set GITHUB_TOKEN "env://GITHUB_TOKEN"
container-use config secret set OPENAI_API_KEY "env://OPENAI_API_KEY"
container-use config secret set DATABASE_URL "env://DATABASE_URL"
Access secrets stored in HashiCorp Vault using the vault:// schema:# Basic format: vault://path/to/secret
container-use config secret set GITHUB_TOKEN "vault://credentials.github"
container-use config secret set DATABASE_PASSWORD "vault://database/prod/password"
container-use config secret set API_KEY "vault://kv/data/myapp/api_key"
Read secrets from local files using the file:// schema:# Basic format: file://path/to/secret
container-use config secret set SSH_KEY "file://~/.ssh/id_rsa"
container-use config secret set SERVICE_ACCOUNT "file://./credentials.json"
container-use config secret set TLS_CERT "file:///etc/ssl/certs/app.crt"
Configuration Commands
# Set a secret using any supported schema
container-use config secret set <KEY_NAME> <secret_reference>
# Examples for each type
container-use config secret set DATABASE_URL "env://DATABASE_URL"
container-use config secret set API_TOKEN "op://vault/api/token"
container-use config secret set GITHUB_TOKEN "vault://credentials.github"
container-use config secret set SSH_KEY "file://~/.ssh/deploy_key"
# List all configured secrets (values are masked)
container-use config secret list
# Remove a secret
container-use config secret unset API_KEY
# Clear all secrets
container-use config secret clear
# View complete configuration including secrets
container-use config show
Using Secrets in Your Code
Once configured, secrets are available as environment variables inside agent environments:
🐍 Python
🟢 Node.js
🐚 Shell
import os
import requests
api_key = os.getenv("API_KEY")
response = requests.get("https://api.example.com",
headers={"Authorization": f"Bearer {api_key}"})
const apiKey = process.env.API_KEY;
const response = await fetch("https://api.example.com", {
headers: { "Authorization": `Bearer ${apiKey}` }
});
# Shell scripts can also access secrets
curl -H "Authorization: Bearer $API_KEY" https://api.example.com
Security Note: While your code can access secrets normally, Container Use automatically strips secret values from logs and command outputs. This means echo $API_KEY or similar commands won’t expose secrets in the development logs that agents or users can see.
