> ## Documentation Index
> Fetch the complete documentation index at: https://docs.stateset.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Sandbox Security Overview

> Isolation models, API key security, and best practices.

# Sandbox Security Overview

StateSet Sandbox provides layered security from the edge to execution runtimes.

## Security Layers

* **API Gateway**: TLS, rate limiting, API key auth, and WAF
* **Controller**: Input validation, authz, secret management, audit logging
* **Runtime Isolation**: Container, gVisor, or microVMs (Kata/Firecracker)

## Isolation Modes

* **Container**: Fastest, best for trusted workloads
* **gVisor**: User-space kernel for untrusted code
* **Kata/Firecracker**: MicroVM isolation for sensitive workloads

## Key Management

* Generate strong API keys
* Store keys in environment variables or secret managers
* Rotate keys regularly

## Related Documentation

* [Security Guide](/stateset-sandbox/SECURITY_GUIDE)
* [Runtime Selection](/stateset-sandbox/runtime-selection)
