alt Hacker NewsThanks and agreed! Zerobox uses the Deno sandboxing policy and also the same pattern for cred injection (placeholders as env vars, replaced at network call time).
Real secrets are never readable by any processes inside the sandbox:
```
zerobox -- echo $OPENAI_API_KEY
ZEROBOX_SECRET_a1b2c3d4e5...
```
Do you know if there's a widely shared name for this pattern? I've been collecting examples of it recently - it's a really good idea - but I'm not sure if there's good terminology. "Credential injection" is one option I've seen floating around.