> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wandb.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Secrets

> Learn how to manage secrets in W&B Sandboxes.

<Warning>
  W\&B Sandboxes is in private preview, available by invitation only. To request enrollment, contact [support](mailto:support@wandb.com) or your AISE.
</Warning>

Use the [W\&B Secrets Manager](/platform/secrets) with the W\&B Python SDK to access sensitive information such as API keys and tokens in a sandbox.

To use a secret in a sandbox, first add it to your team's Secrets Manager. Then reference that secret by name when you create the sandbox. Do not include the secret's value directly in your code or in the sandbox configuration.

W\&B injects each requested secret into the sandbox as an environment variable. By default, the environment variable name matches the secret name. You can customize the environment variable name with the `env_var` parameter.

<Note>
  See [Manage secrets](/platform/secrets) for information about creating and managing secrets in your W\&B account.
</Note>

## Access secrets in a sandbox

Use the `Secret` class to specify which secrets to include in a sandbox. Pass one or more `Secret` objects to the `secrets` parameter of `Sandbox.run()`. Each `Secret` object identifies a secret by name. W\&B injects the secret value into the sandbox as an environment variable.

<Tip>
  Pass the secret name, not the secret value. Within the sandbox, read the secret from the corresponding environment variable.
</Tip>

The following example makes two existing secrets available in the sandbox: `HF_TOKEN` and `OPENAI_API_KEY`.

```python theme={null}
from wandb.sandbox import Sandbox, Secret

with Sandbox.run(
    secrets=[
        Secret(name="HF_TOKEN"),
        Secret(name="OPENAI_API_KEY"),
    ],
) as sandbox:
    result = sandbox.exec([
        "python",
        "-c",
        """
import os
if "HF_TOKEN" in os.environ:
    print(f"Hugging Face token found.")
if "OPENAI_API_KEY" in os.environ:
    print(f"OpenAI key token found.")
""",
    ]).result()
    print(result.stdout)
```

Inside the sandbox, access each secret through its environment variable. In this example, `HF_TOKEN` is available as `os.environ["HF_TOKEN"]`, and `OPENAI_API_KEY` is available as `os.environ["OPENAI_API_KEY"]`.

To customize the environment variable name for a secret, see [Use a custom environment variable name](#use-a-custom-environment-variable-name).

## Use a custom environment variable name

By default, a secret's environment variable name matches the secret name. To customize a sandbox's environment variable for a given secret, set the `env_var` parameter on `Secret` (`Secret(env_var="CUSTOM_NAME")`).

The following example checks that the `HF_TOKEN` secret is available in the sandbox:

```python theme={null}
from wandb.sandbox import Sandbox, Secret

with Sandbox.run(
    secrets=[
        Secret(name="HF_TOKEN", env_var="HUGGINGFACE_TOKEN")
    ],
) as sandbox:
    result = sandbox.exec([
        "python",
        "-c",
        """
import os
if "HUGGINGFACE_TOKEN" in os.environ:
    print(f"Hugging Face token found!")
""",
    ]).result()
    print(result.stdout)
```