Introducing Deno Sandbox

Overview

Deno has launched Deno Sandbox, a hosted code execution platform that provides secure API secret handling through proxy-based placeholder substitution. The service is language-agnostic with Python and JavaScript client libraries, offering containerized environments with configurable network access and resource allocation.

The Breakdown

• Proxy-based secret management - API secrets are replaced with placeholders inside sandboxes, and a proxy intercepts outbound calls to substitute real values, preventing code from accessing actual secrets
• Language-agnostic execution - despite the Deno branding, you can control sandboxes from Python or JavaScript, not just Deno/TypeScript applications
• Configurable network isolation - sandboxes can specify exactly which domains they’re allowed to access, providing fine-grained security controls
• Resource flexibility - containers support up to 4GB RAM, 2 vCPUs, 10GB ephemeral storage, persistent volumes, and custom snapshots for rapid deployment of pre-configured environments