top | item 47045017

(no title)

PS: Also, this is wild!

> What this does: apiKeyHelper tells Claude Code to run echo proxy-managed to get its API key. The sandbox’s network proxy intercepts outgoing API calls and swaps this sentinel value for your real Anthropic key, so the actual key never exists inside the sandbox.

discuss

evnix|13 days ago

This is similar to how I solved a BYOK(bring your own key) feature at work. We had a lot of hardcoded endpoints and structures on the client and code that was too difficult to move over a nice BYOK structure within the given timeframe. So we ended up making a proxy that basically injected customer keys as they passed through our servers. note that there are a lot security implications doing this.

interleave|13 days ago

Makes total sense and I would have never even considered injecting keys on the fly. Love it!

domh|13 days ago

This is similar to Deno Sandbox[1] which was announced a couple of weeks back. Apparently also something similar is done with fly.io's tokenizer[2][3]

[1]: https://deno.com/blog/introducing-deno-sandbox

[2]: https://news.ycombinator.com/item?id=46874959

[3]: https://github.com/superfly/tokenizer