Skip to main content
You can pass configuration values, API keys, and other settings into a sandbox using environment variables. SmolVM supports two approaches: setting variables when you create the sandbox, or adding them at runtime while the sandbox is running. The same Python API (env_vars=, vm.set_env_vars(...), vm.unset_env_vars(...), vm.list_env_vars(...)) works for both Linux and Windows guests. On Linux the variables are written to /etc/profile.d/smolvm_env.sh and picked up by new login shells; on Windows they’re written to HKCU\Environment and picked up by new processes. See Windows guests below for the details specific to Windows.

Setting variables at boot

Set environment variables when creating a VM:

How it works

When env_vars is set in VMConfig:
  1. VM boots normally
  2. SmolVM waits for SSH to become available
  3. Variables are written to /etc/profile.d/smolvm_env.sh
  4. All subsequent login shells source these variables
Environment variable injection requires an SSH-capable image. Use ImageBuilder or auto-config mode to ensure your image supports this feature.

Setting variables at runtime

You can also add, update, and remove variables while a sandbox is running:

Windows sandboxes

Environment variables work for Windows sandboxes too, using the same API. The only difference is where the values are stored.
How it works on Windows:
  • SmolVM runs [Environment]::SetEnvironmentVariable(name, value, 'User') over SSH, which writes the value into the HKCU\Environment registry hive — the standard per-user environment store on Windows.
  • New processes inherit the updated environment automatically. The SSH session that issued the change does notvm.run(...) opens a fresh session every call, so the next vm.run(...) sees the new value.
  • SmolVM tracks which keys it owns via a SMOLVM_ENV_MANAGED_KEYS sentinel value. list_env_vars() and unset_env_vars() only ever touch variables SmolVM set; anything you configured inside Windows yourself is left untouched.
  • Values are passed through verbatim — spaces, embedded quotes, and special characters are escaped safely by SmolVM before the PowerShell call.
Variable changes are visible to new processes, not the current one. Inside a single SSH session you can verify the change by spawning a fresh process — for example start-process powershell -wait, or simply rely on the fact that the next vm.run(...) call will see the new value.

Method reference

set_env_vars()

Example:

list_env_vars()

Example:

unset_env_vars()

Example:

Complete example

From examples/env_injection.py:

Passing host environment into the sandbox

You can forward environment variables from your host machine into the sandbox. This is useful for sharing API keys without hardcoding them:
This pattern is used in examples/openclaw.py to inject OPENROUTER_API_KEY and OPENAI_API_KEY from the host.

Host-side variables SmolVM reads

A few environment variables on your host machine change how SmolVM itself behaves. Set these in your shell, not inside the sandbox.

SmolVM behavior

SMOLVM_BACKEND
string
Override the virtual machine monitor SmolVM uses. Accepts firecracker, qemu, or auto (the default). On macOS the default is QEMU; on Linux it is Firecracker.
SMOLVM_USE_PUBLISHED
string
default:"1"
Controls the published-image fast path. On by default. Set to 0, false, or no to force SmolVM to build images locally instead of downloading pre-built ones. Useful when you’re testing changes to a preset’s install script.
SMOLVM_VERBOSE_BOOT
string
Show the guest kernel’s full boot log on the serial console. Off by default — SmolVM appends quiet to the kernel command line so boots stay fast and clean. Set to 1, true, yes, or on to drop quiet and surface every kernel message, which is the first thing to try when a sandbox hangs during start or panics before the agent answers.
This only affects sandboxes that use the default low-latency boot profile (MICROVM_DIRECT). It does not change behaviour after the guest is up.

Coding-agent presets

When you launch a coding-agent preset, SmolVM forwards a small list of host environment variables into the sandbox so the agent can authenticate without an extra login step.
OPENAI_API_KEY
string
Forwarded to presets that talk to OpenAI APIs (for example codex).
OPENROUTER_API_KEY
string
Forwarded to the openclaw preset and any preset that supports OpenRouter.
OPENCLAW_GATEWAY_TOKEN
string
Forwarded to the openclaw preset. OpenClaw rejects boot with a clear error message if neither this nor OPENCLAW_GATEWAY_PASSWORD is set, so populate one of the two before running smolvm openclaw start.
OPENCLAW_GATEWAY_PASSWORD
string
Alternative to OPENCLAW_GATEWAY_TOKEN for the openclaw preset. Use whichever credential type matches your OpenClaw deployment.
Set these in your shell profile (~/.zshrc, ~/.bashrc) so every smolvm openclaw start picks them up automatically. They never get baked into a published image — they only travel into a sandbox you boot.

Variable validation

SmolVM validates environment variable keys:
Keys must match the pattern: [A-Za-z_][A-Za-z0-9_]*

Persistence details

File location

Variables are stored in /etc/profile.d/smolvm_env.sh inside the guest:

Atomic updates

All writes are atomic (write to temp file → mv into place) to prevent partial updates on failure.

Quoting and escaping

SmolVM uses shlex.quote() to safely handle special characters:

Use cases

Configuration management

Secret injection

Dynamic configuration updates

Troubleshooting

Variables not available

If variables don’t appear in your commands:
1

Verify SSH support

2

Check the file was created

3

Ensure you're using a login shell

Variables are only available in login shells:

Next steps

Custom images

Build images with pre-baked environment configuration

AI agent integration

Use environment variables for agent configuration

Port forwarding

Expose services configured via environment variables
Last modified on June 2, 2026