# Show HN: Sandbox-proxy – A forward proxy that injects credentials to sandboxes

A developer released Sandbox-proxy, a zero-dependency Go forward proxy that injects credentials into outbound requests on the wire, allowing sandboxed code to use tokens without seeing them. The tool simplifies secret management for containerized workloads by intercepting HTTPS traffic and injecting credentials only for configured hosts.

A zero-dependency, stdlib-only Go forward proxy that injects your real credentials (GitHub `GH_TOKEN`, npm token, …) into outbound requests *on the wire*, so code running in a sandbox can use them without ever seeing them.

A simplified version of Infisical's agent-vault (https://github.com/Infisical/agent-vault), driven by a single script (`sandbox.sh`) over a dependency-free proxy binary you own.

Code runs in a container with no network access except through the proxy. The proxy holds your tokens and injects them into outbound requests as they leave, so the workload can use them but never sees them.

```
sandbox         git / gh / npm — no token; HTTPS_PROXY set, trusts the proxy CA
    │
    │  request without credentials
    ▼
sandbox-proxy   holds the real token; default-deny allow-list
    │
    │  + Authorization injected on the wire
    ▼
upstream        github.com, api.github.com, registry.npmjs.org, …
```

- 🌐 Open by default (`allow_all: true`) for easy setup: egress to any host, with credentials injected only on your configured hosts. Set `allow_all: false` for strict default-deny (only listed hosts reachable).
- 🔏 HTTPS interception via a CA it generates on first run and the sandbox trusts; the intercepted TLS speaks HTTP/1.1 only (ALPN pins `http/1.1`), and hosts you don't inject into can be blind-tunnelled untouched.
- 🛡️ A compromised workload can at most use a token against the hosts you allow; it can't read or exfiltrate the secret itself.

Source the control script once; it gives you a `sandbox` function that manages one shared proxy and any number of sandbox containers.
```sh
source sandbox.sh           # GH_TOKEN is taken from `gh auth token` automatically if it isn't already set
export NPM_TOKEN=npm_xxx    # optional; export any secret your rules need

sandbox proxy up            # build if needed + start the shared proxy
sandbox proxy status        # is it running? on which networks?

# in any project directory:
cd ~/code/my-app
sandbox run                 # ensures proxy is up, opens a shell in $PWD

# ...or run a command directly:
sandbox run npm ci
sandbox run git clone https://github.com/you/private.git
```

Inside a sandbox there is *no token in the environment*, yet git/npm are authenticated: the proxy injects credentials on the way out.

Run as many sandboxes as you like at once; they all share the single proxy:

```sh
cd ~/code/app-a && sandbox run npm test &
cd ~/code/app-b && sandbox run npm test &
sandbox ps                  # list running sandboxes
```

Commands:

| Command | Does |
|---|---|
| `sandbox proxy up` | Build if needed, start the shared proxy. |
| `sandbox proxy status` | Show whether it's running and its networks. |
| `sandbox proxy reload` | Restart the proxy, picking up current env/tokens and config edits. |
| `sandbox proxy down` / `logs` | Stop+remove / follow logs. |
| `sandbox run [cmd...]` | Ensure the proxy is up, run a sandbox in `$PWD` (shell if no cmd). |
| `sandbox build proxy\|box\|all` | Force-rebuild images. |
| `sandbox ps` | List running sandboxes. |

🔑 Where secrets come from: for each var in `$SANDBOX_SECRET_ENVS` (default `GH_TOKEN NPM_TOKEN`), `sandbox` uses the environment value if set, otherwise runs SANDBOX