← Back
Deno launches Sandbox for running untrusted code with network isolation and secret protection
· releasefeatureplatformsecuritysdk · deno.com ↗

Secure Execution for LLM-Generated Code

Deno Sandbox addresses a critical new use case: platforms where large language models generate code that runs immediately without human review. This code often needs network access and API credentials, creating security risks that traditional sandboxing approaches don't fully mitigate.

The solution provides lightweight Linux microVMs running in the Deno Deploy cloud, booting in under one second. Developers can create sandboxes programmatically via JavaScript or Python SDKs, and interact with them through SSH, HTTP, or VS Code.

Network and Secrets Protection

Two key security features prevent credential exfiltration:

  • Network Egress Control: Restrict outbound connections to whitelisted hosts (e.g., allowNet: ["api.openai.com"]). Any request to unlisted hosts gets blocked at the VM boundary.
  • Secret Materialization: API keys and credentials never appear in the environment as plaintext. Code sees only a placeholder, and the real secret materializes only when making approved outbound requests. Prompt-injected code attempting to exfiltrate the placeholder to unauthorized domains receives nothing of value.

Both features use an outbound proxy mechanism similar to coder/httpjail. Deno plans to add request inspection and modification hooks for trusted code.

From Sandbox to Production

The sandbox.deploy() method deploys code directly from a sandbox to Deno Deploy production without rebuilding or re-authenticating:

const build = await sandbox.deploy("my-app", {
  production: true,
  build: { mode: "none", entrypoint: "server.ts" },
});

Storage and Persistence

  • Volumes: Read-write storage for databases, caches, and user data
  • Snapshots: Read-only base images for pre-installed toolchains; create fresh development environments in seconds

Pricing and Availability

Deno Sandbox launches in beta with usage-based pricing integrated into Deno Deploy plans:

  • $0.05/h CPU time (40 hours included with Pro)
  • $0.016/GB-h memory (1000 GB-h included with Pro)
  • $0.20/GiB-month volume storage (5 GiB included with Pro)

Sandboxes run with 2 vCPUs, 768 MB–4 GB memory, and a maximum 30-minute lifetime. Use cases include AI agents, secure plugin systems, ephemeral CI runners, and customer-supplied code execution.