- Docker Sandboxes is a new primitive in the Docker ecosystem that lets you run AI agents or any other workloads in isolated micro VMs.
- It provides strong isolation, a convenient developer experience, and a strong security boundary, with a network proxy that can be configured to deny agents connections to arbitrary internet hosts.
- The network proxy also conveniently injects API keys, such as your ANTHROPIC_API_KEY or OPENAI_API_KEY, so the agent doesn't have access to them at all and cannot leak them.
- In a previous article I showed how Docker Sandboxes lets you install any tools an AI agent might need, like a JDK for Java projects or some custom CLIs, into a container that's isolated from the host.
- Today we're going a step further: we'll run OpenClaw, an open-source AI coding agent, on a local model via Docker Model Runner.
- No API keys, no cloud costs, fully private.
Article Summaries:
- Docker has introduced “Docker Sandboxes,” a new primitive that lets developers run AI agents in isolated micro‑VMs with a configurable network proxy. The proxy can deny outbound traffic and inject API keys (e.g., ANTHROPIC_API_KEY, OPENAI_API_KEY) so they never leave the host. Using this feature, users can run the open‑source AI coding agent OpenClaw on a local GPT‑OSS model via Docker Model Runner with just a few commands. The sandbox limits file access to a specified workspace, and the proxy automatically handles credential injection for cloud models. A lightweight bridge script forwards OpenClaw’s requests to the host’s model service, enabling secure, private AI development.
- Docker’s new “Sandboxes” feature lets developers run AI agents in isolated micro‑VMs with a configurable network proxy that blocks unwanted internet access and injects API keys securely. The article demonstrates how to launch the open‑source OpenClaw coding agent inside a sandbox, using a local GPT‑OSS model via Docker Model Runner. After enabling Docker Model Runner, users pull a model, create a sandbox image, and run OpenClaw with a single command. The sandbox limits file access to a specified workspace and routes all outbound traffic through a proxy, ensuring credentials never leave the host environment. Cloud models can also be used, with the proxy automatically injecting keys.
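
A minimal model of the proxy behaviour summarized above (deny hosts outside an allowlist, inject the API key on the host side), added here as an example; it is not Docker's proxy code. The function name, the rule table, the `extra_allowed` parameter and the TLS-only rule are assumptions; the header conventions are those of the public Anthropic and OpenAI HTTP APIs.

```python
from urllib.parse import urlsplit

# Constructed policy: per-host (header, host-side secret name, value template).
INJECTION_RULES = {
    "api.anthropic.com": ("x-api-key", "ANTHROPIC_API_KEY", "{key}"),
    "api.openai.com": ("authorization", "OPENAI_API_KEY", "Bearer {key}"),
}
# Headers the sandboxed agent is never allowed to set itself.
CREDENTIAL_HEADERS = {"authorization", "x-api-key", "proxy-authorization"}


def proxy_decision(url, agent_headers, host_secrets, extra_allowed=()):
    """Return ("deny", reason) or ("forward", headers_sent_upstream)."""
    parts = urlsplit(url)
    # Use the parsed hostname, so userinfo ("allowed-host@other-host") and
    # look-alike suffixes cannot pass as an allowlisted host.
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        return "deny", "non-TLS egress"  # assumption of this model
    if host not in INJECTION_RULES and host not in extra_allowed:
        return "deny", f"host not allowlisted: {host}"
    # Drop anything credential-like the agent supplied; it should hold no keys.
    headers = {k.lower(): v for k, v in agent_headers.items()
               if k.lower() not in CREDENTIAL_HEADERS}
    rule = INJECTION_RULES.get(host)
    if rule:
        header, secret_name, template = rule
        key = host_secrets.get(secret_name)
        if key is None:
            return "deny", f"no host-side secret for {secret_name}"
        headers[header] = template.format(key=key)  # key exists only here
    return "forward", headers


if __name__ == "__main__":
    secrets = {"OPENAI_API_KEY": "sk-constructed-not-real"}  # constructed value
    print(proxy_decision("https://api.openai.com/v1/chat/completions",
                         {"Content-Type": "application/json"}, secrets))
    print(proxy_decision("https://files.example.net/upload", {}, secrets))
```
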
Sources:
- https://www.docker.com/blog/run-openclaw-securely-in-docker-sandboxes/ (Latest source article published: 2026-02-23 14:00 UTC)