Documentation Index
Fetch the complete documentation index at: https://docs.pocketenv.io/llms.txt
Use this file to discover all available pages before exploring further.
Pocketenv has two ways to pass configuration into a sandbox:
| Environment Variables | Secrets |
|---|
| Stored as | Plaintext | Encrypted (libsodium) |
| Visible in API | Yes | Redacted |
| Use for | Non-sensitive config | Passwords, tokens, keys |
Environment variables
CLI
# Set a variable
pocketenv env put my-sandbox DATABASE_URL "postgres://localhost/mydb"
pocketenv env put my-sandbox NODE_ENV "production"
# List all variables
pocketenv env list my-sandbox
pocketenv env ls my-sandbox # alias
# Delete a variable
pocketenv env delete <variable-id>
pocketenv env rm <variable-id> # alias
SDK
await sandbox.env.put("DATABASE_URL", "postgres://localhost/mydb");
await sandbox.env.put("NODE_ENV", "production");
const vars = await sandbox.env.list();
// [{ id: "...", name: "DATABASE_URL", value: "postgres://..." }, ...]
await sandbox.env.delete(varId);
Secrets
Secrets are encrypted at rest using libsodium. The value is never returned in API responses — only a redacted placeholder is shown.
CLI
# Set a secret (you'll be prompted for the value)
pocketenv secret put my-sandbox API_KEY
# List secret names (values are never shown)
pocketenv secret list my-sandbox
pocketenv secret ls my-sandbox # alias
# Delete
pocketenv secret delete <secret-id>
pocketenv secret rm <secret-id> # alias
SDK
await sandbox.secret.put("API_KEY", process.env.API_KEY!);
await sandbox.secret.put("STRIPE_SECRET", "sk_live_...");
const secrets = await sandbox.secret.list();
// [{ id: "...", name: "API_KEY" }] ← value is never returned
await sandbox.secret.delete(secretId);
Setting variables at sandbox creation
You can bake env vars and secrets into a sandbox at creation time via the SDK builder:
const sandbox = await Sandbox.builder("openclaw")
.name("my-app")
.env("NODE_ENV", "production")
.env("PORT", "3000")
.secret("DATABASE_URL", process.env.DATABASE_URL!)
.secret("API_KEY", process.env.API_KEY!)
.create();
API
For direct API usage see:
