Make sandbox api key configurable via user settings (#8803)

Co-authored-by: openhands <openhands@all-hands.dev>

openhands/server/routes/settings.py

@@ -72,6 +72,7 @@ async def load_settings(
         )
         settings_with_token_data.llm_api_key = None
         settings_with_token_data.search_api_key = None
+        settings_with_token_data.sandbox_api_key = None
         return settings_with_token_data
     except Exception as e:
         logger.warning(f'Invalid token: {e}')

openhands/server/session/session.py

@@ -133,6 +133,8 @@ class Session:
         default_llm_config.api_key = settings.llm_api_key
         default_llm_config.base_url = settings.llm_base_url
         self.config.search_api_key = settings.search_api_key
+        if settings.sandbox_api_key:
+            self.config.sandbox.api_key = settings.sandbox_api_key.get_secret_value()
 
         # NOTE: this need to happen AFTER the config is updated with the search_api_key
         self.config.mcp = settings.mcp_config or MCPConfig(

openhands/storage/data_models/settings.py

@@ -40,6 +40,7 @@ class Settings(BaseModel):
     sandbox_runtime_container_image: str | None = None
     mcp_config: MCPConfig | None = None
     search_api_key: SecretStr | None = None
+    sandbox_api_key: SecretStr | None = None
     max_budget_per_task: float | None = None
     email: str | None = None
     email_verified: bool | None = None