From e15c49b76bf0bd793f98268d6a5dd349ab205683 Mon Sep 17 00:00:00 2001
From: David Karlsson <35727626+dvdksn@users.noreply.github.com>
Date: Tue, 2 Jun 2026 16:38:56 +0200
Subject: [PATCH] sbx: warn that saving a template embeds filesystem secrets

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 content/manuals/ai/sandboxes/customize/templates.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/content/manuals/ai/sandboxes/customize/templates.md b/content/manuals/ai/sandboxes/customize/templates.md
index 3d868078b9c4..371a3a028076 100644
--- a/content/manuals/ai/sandboxes/customize/templates.md
+++ b/content/manuals/ai/sandboxes/customize/templates.md
@@ -179,6 +179,15 @@ a template. This captures installed packages, configuration changes, and
 files into a reusable image — useful when you've set up an environment
 interactively and want to preserve it.
 
+> [!WARNING]
+> Saving a sandbox captures its entire filesystem, including any secrets
+> stored on it. If you manually added API keys, tokens, or other
+> credentials to the sandbox, they're embedded in the saved template and
+> shared with anyone you distribute it to. To keep credentials out of
+> templates, manage them with `sbx secret set` instead — the proxy injects
+> them at runtime so they're never written to the filesystem. For more
+> information, see [Manage credentials](../security/credentials.md).
+
 ### Save and reuse
 
 Stop the sandbox (or let the CLI prompt you), then save it with a name and