Skip to main content
A ready-to-run example is available here!
The OpenHandsCloudWorkspace demonstrates how to use the OpenHands Cloud to provision and manage sandboxed environments for agent execution. This provides a seamless experience with automatic sandbox provisioning, monitoring, and secure execution without managing your own infrastructure.

Key Concepts

OpenHandsCloudWorkspace

The OpenHandsCloudWorkspace connects to OpenHands Cloud to provision sandboxes:
This workspace type:
  • Connects to OpenHands Cloud API
  • Automatically provisions sandboxed environments
  • Manages sandbox lifecycle (create, poll status, delete)
  • Handles all infrastructure concerns

Getting Your API Key

To use OpenHands Cloud, you need an API key:
  1. Go to app.all-hands.dev
  2. Sign in to your account
  3. Navigate to Settings → API Keys
  4. Create a new API key
Store this key securely and use it as the OPENHANDS_CLOUD_API_KEY environment variable.

Configuration Options

The OpenHandsCloudWorkspace supports several configuration options:

Keep Alive Mode

By default, the sandbox is deleted when the workspace is closed. To keep it running:
This is useful for debugging or when you want to inspect the sandbox state after execution.

Workspace Testing

You can test the workspace before running the agent:
This verifies connectivity to the cloud sandbox and ensures the environment is ready.

Inheriting SaaS Credentials

Instead of providing your own LLM_API_KEY, you can inherit the LLM configuration and secrets from your OpenHands Cloud account. This means you only need OPENHANDS_CLOUD_API_KEY — no separate LLM key required.

get_llm()

Fetches your account’s LLM settings (model, API key, base URL) and returns a ready-to-use LLM instance:
You can override any parameter:
Under the hood, get_llm() calls GET /api/v1/users/me?expose_secrets=true, sending your Cloud API key in the Authorization header plus the sandbox’s X-Session-API-Key. That session key is issued by OpenHands Cloud for the running sandbox, so it scopes the request to that sandbox rather than acting like a separately provisioned second credential.

get_secrets()

Builds LookupSecret references for your SaaS-configured secrets. Raw values never transit through the SDK client — they are resolved lazily by the agent-server inside the sandbox:
You can also filter to specific secrets:
See the SaaS Credentials example below for a complete working example.

Comparison with Other Workspace Types

Ready-to-run Example

This example shows how to connect to OpenHands Cloud for fully managed agent execution:
examples/02_remote_agent_server/07_convo_with_cloud_workspace.py
Running the Example

SaaS Credentials Example

This example demonstrates the simplified flow where your OpenHands Cloud account’s LLM configuration and secrets are inherited automatically — no need to provide LLM_API_KEY separately:
examples/02_remote_agent_server/10_cloud_workspace_share_credentials.py
Running the SaaS Credentials Example

Settings and Secrets API Examples

The remote agent-server examples also include end-to-end scripts for settings-backed secrets and authenticated LLM configuration:

Next Steps