AI agents typically need credentials to access external services: an API key for the model provider, a token for GitHub or GitLab, and so on. OpenShell manages these credentials as first-class entities called providers. A provider is a named credential bundle. When you attach a provider to a sandbox, the gateway injects its credentials into the sandbox as environment variables at startup. Credentials never touch the sandbox filesystem.
When the trailing command in openshell sandbox create is a recognized tool name (claude, codex, or opencode), the CLI auto-creates the required provider from your local environment if one does not already exist. You do not need to create the provider separately.
Create a provider
- From local credentials
- With explicit credentials
- Bare key form
The fastest way to create a provider is to let the CLI discover credentials from your shell environment:
This reads ANTHROPIC_API_KEY or CLAUDE_API_KEY from your current environment and stores them in the provider.
Attach providers to sandboxes
Pass one or more --provider flags when creating a sandbox:
Each --provider flag attaches one provider. The sandbox receives all credentials from every attached provider at runtime.
Manage providers
Supported provider types
The following provider types are supported. The --from-existing flag reads the listed environment variables from your current shell.
| Type | Environment variables injected | Typical use |
|---|---|---|
| claude | ANTHROPIC_API_KEY, CLAUDE_API_KEY | Claude Code, Anthropic API |
| codex | OPENAI_API_KEY | OpenAI Codex |
| generic | User-defined | Any service with custom credentials |
| github | GITHUB_TOKEN, GH_TOKEN | GitHub API, gh CLI |
| gitlab | GITLAB_TOKEN, GLAB_TOKEN, CI_JOB_TOKEN | GitLab API, glab CLI |
| nvidia | NVIDIA_API_KEY | NVIDIA API Catalog |
| openai | OPENAI_API_KEY | Any OpenAI-compatible endpoint |
| opencode | OPENCODE_API_KEY, OPENROUTER_API_KEY, OPENAI_API_KEY | opencode tool |
Security model
Credentials are stored in the gateway, not on disk in the sandbox. The gateway injects them as environment variables at sandbox startup. This means:
- A compromised sandbox process cannot read credentials by scanning the filesystem.
- Credentials are purged when the sandbox is deleted.
- Providers can only be attached at sandbox creation time, not after the fact.
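A least-privilege check to run inside a sandbox, as an added example (not OpenShell code): it compares the credential variables present in the environment with the provider types you attached, using the type-to-variable mapping from the table above, and flags variable names listed by more than one attached type. The function name, report keys and sample environment are assumptions made for this example.

```python
import os

# Provider type -> injected variables, copied from the table on this page.
PROVIDER_VARS = {
    "claude": ["ANTHROPIC_API_KEY", "CLAUDE_API_KEY"],
    "codex": ["OPENAI_API_KEY"],
    "generic": [],  # user-defined names, so nothing fixed to check
    "github": ["GITHUB_TOKEN", "GH_TOKEN"],
    "gitlab": ["GITLAB_TOKEN", "GLAB_TOKEN", "CI_JOB_TOKEN"],
    "nvidia": ["NVIDIA_API_KEY"],
    "openai": ["OPENAI_API_KEY"],
    "opencode": ["OPENCODE_API_KEY", "OPENROUTER_API_KEY", "OPENAI_API_KEY"],
}


def audit_injected_credentials(attached_types, env=None):
    """Compare credential variables in env with the attached provider types.

    Returns variable names only, never values, so the report is safe to log.
    """
    env = os.environ if env is None else env
    unknown = [t for t in attached_types if t not in PROVIDER_VARS]
    if unknown:
        raise ValueError(f"types not in the page's table: {unknown}")

    # Record which attached types list each variable name.
    owners = {}
    for ptype in attached_types:
        for var in PROVIDER_VARS[ptype]:
            owners.setdefault(var, []).append(ptype)

    expected = set(owners)
    all_known = {v for names in PROVIDER_VARS.values() for v in names}
    present = {v for v in all_known if env.get(v)}
    return {
        # Listed by an attached provider type and set in the environment.
        "injected": sorted(present & expected),
        # Set in the environment although no attached provider type lists it.
        "unexpected": sorted(present - expected),
        # Same variable name listed by more than one attached provider type.
        "overlapping": {v: t for v, t in sorted(owners.items()) if len(t) > 1},
    }


if __name__ == "__main__":
    # Constructed sample environment; the values are placeholders, not real keys.
    sample = {"OPENAI_API_KEY": "placeholder", "GH_TOKEN": "placeholder", "PATH": "/usr/bin"}
    print(audit_injected_credentials(["codex", "opencode"], env=sample))
```

An entry under "unexpected" means a credential is visible to the agent that none of the attached provider types accounts for; an entry under "overlapping" means two attached types list the same variable name, so confirm which value the sandbox actually received.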
Supported inference providers
The following providers have been tested with inference.local. Any provider that exposes an OpenAI-compatible API works with the openai type. Set --config OPENAI_BASE_URL to the provider’s base URL.
| Provider | Name | Type | Base URL |
|---|---|---|---|
| NVIDIA API Catalog | nvidia-prod | nvidia | https://integrate.api.nvidia.com/v1 |
| Anthropic | anthropic-prod | anthropic | https://api.anthropic.com |
| Baseten | baseten | openai | https://inference.baseten.co/v1 |
| Bitdeer AI | bitdeer | openai | https://api-inference.bitdeer.ai/v1 |
| Deepinfra | deepinfra | openai | https://api.deepinfra.com/v1/openai |
| Groq | groq | openai | https://api.groq.com/openai/v1 |
| Ollama (local) | ollama | openai | http://host.openshell.internal:11434/v1 |
| LM Studio (local) | lmstudio | openai | http://host.openshell.internal:1234/v1 |
Next steps
Policies
Control what the agent can access on the network and filesystem.
Community sandboxes
Use a pre-built environment from the community catalog.
Policy schema reference
Full field-by-field YAML definition for sandbox policies.
GitHub sandbox tutorial
End-to-end walkthrough combining a GitHub provider with a scoped policy.