daytona-secrets-volume
Daytona secrets volume setup. Use when the user says Daytona secrets, add provider key, OpenAI key, Anthropic key, eval secrets, /daytona-secrets, or openwork-eval-secrets.
Use this skill when Daytona tests need provider keys or other eval-only secrets. Never commit secrets to the repo and never print secret values.
The reusable Daytona volume is:
openwork-eval-secrets:/daytona-secrets
Electron sandboxes mount it automatically through .devcontainer/test-on-daytona.sh.
The Electron starter sources every file matching:
/daytona-secrets/*.env
This is a Daytona reusable volume, not a host directory. You cannot inspect it directly from the local filesystem. To add, list, or test files, mount it into a temporary Daytona sandbox or use an existing sandbox that mounted the volume.
Create a local env file, then copy it into the volume:
bash .devcontainer/setup-daytona-secrets-volume.sh <local-env-file> <name>.env
Examples:
bash .devcontainer/setup-daytona-secrets-volume.sh .newtoken openai.env
bash .devcontainer/setup-daytona-secrets-volume.sh .anthropic anthropic.env
bash .devcontainer/setup-daytona-secrets-volume.sh .google google.env
The destination must be a simple .env filename such as openai.env. The
script copies the file without printing secret values and sets restrictive
permissions. Do not pass secrets as command-line arguments; put them in a local
env file and pass only the filename.
Use normal shell env format:
OPENAI_API_KEY=...
ANTHROPIC_API_KEY=...
GOOGLE_CLIENT_ID=...
GOOGLE_CLIENT_SECRET=...
Only include variables needed by evals. Keep files small and purpose-specific.
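A pre-upload check for the local env file and destination name, as an added example that is not part of the repo's scripts. The function names valid_dest_name and lint_env_file are hypothetical, and the rules it enforces (stem limited to letters, digits, underscore and hyphen; only plain NAME=value lines) are assumptions about what "simple" and "normal shell env format" mean here.

```shell
#!/usr/bin/env bash
# Added example (not the project's script): lint a local env file before upload.
# Output contains variable NAMES and line numbers only, never values.

# valid_dest_name NAME: succeed only for a simple <stem>.env filename.
# Assumption: "simple" means letters, digits, '_' and '-' in the stem.
valid_dest_name() {
  case "$1" in
    *[!A-Za-z0-9_.-]*) return 1 ;;  # '/', spaces, newlines, shell metacharacters
    .*|*.*.*) return 1 ;;           # hidden file, "..", or a second extension
    ?*.env) return 0 ;;
    *) return 1 ;;
  esac
}

# lint_env_file FILE: print "ok NAME", "empty NAME" or "malformed line N".
# The file is read as text, not sourced, so nothing in it gets executed.
# Runs in a subshell so its variables do not leak into the caller.
lint_env_file() (
  n=0; rc=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    case "$line" in ''|'#'*) continue ;; esac   # blank lines and comments
    name=${line%%=*}
    case "$name" in
      "$line"|''|[0-9]*|*[!A-Za-z0-9_]*)        # no '=', or not a valid name
        echo "malformed line $n"; rc=1; continue ;;
    esac
    if [ -z "${line#*=}" ]; then echo "empty $name"; rc=1
    else echo "ok $name"; fi
  done < "$1"
  exit "$rc"
)

# Demo on a constructed file; the values are placeholders, not real keys.
demo=$(mktemp)
printf '%s\n' 'OPENAI_API_KEY=placeholder-value' 'ANTHROPIC_API_KEY=' \
  'sk-pasted-without-a-name' > "$demo"
if valid_dest_name openai.env && lint_env_file "$demo"; then
  echo "ready to copy"
else
  echo "fix the file before copying it to the volume"
fi
rm -f "$demo"
```

A malformed line is reported by number only, because a line without a variable name is often a pasted token.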
If the sandbox is already running, restart Electron so it reloads /daytona-secrets/*.env:
daytona exec "$SANDBOX" -- "bash -lc 'pkill -f electron || true; pkill -f electron-dev || true; pkill -f opencode || true'"
sleep 3
daytona exec "$SANDBOX" -- "bash -lc 'cd /workspace && bash /opt/openwork-daytona/start-daytona-electron.sh --detach'"
Do not chain the kill and restart in one daytona exec command. The pkill
pattern can terminate the exec wrapper itself.
Check only filenames or whether expected variables are present:
daytona exec "$SANDBOX" -- 'ls -la /daytona-secrets'
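daytona exec "$SANDBOX" -- "bash -lc 'set -a; source /daytona-secrets/openai.env; test -n \"\${OPENAI_API_KEY:-}\"'"
The backslash before $ stops the local shell from expanding the variable inside the outer double quotes, so the test checks the value sourced in the sandbox and a locally exported key never ends up on the command line.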
Never run commands that print token values.
/daytona-secrets/*.env is sourced again.
test -n "$OPENAI_API_KEY" is safe; env, printenv, or cat is not.