Restriction Mode
Restriction Mode applies to workspaces only.
When Restriction Mode is applied to a workspace in a sandbox, it blocks access to that workspace from non-admin users — including the sandbox owner — while mounting Admin Only secrets in that workspace.
This feature is designed for sandboxes that need to:
- Provision External Resources during creation using privileged secrets.
- Run privileged services that should not be accessible to non-admin users.
- Perform sensitive operations during startup without exposing privileged credentials afterward.
Lifetime
Restriction Mode can only be applied at workspace creation time. Once a workspace exits Restriction Mode, it can never re-enter it. There are two lifetime options:
- ALWAYS: The workspace is never allowed to exit Restriction Mode. Use this for workspaces that provide privileged services throughout their entire lifetime (e.g. a sidecar that requires admin-only secrets forever, or that handles resource cleanup on sandbox deletion).
- STARTUP: Restriction Mode is active only during sandbox creation. Once the privileged operation is complete, the workspace can call `cs sandbox restriction disable` to exit the mode, unmount Admin Only secrets, and become accessible to non-admin users.
Definition
Add the restriction field to a workspace definition:
```yaml
workspaces:
  - name: dev
  - name: privileged
    restriction:
      life_time: ALWAYS
```
In this example, the dev workspace is accessible to the owner and non-admin users, while the privileged workspace is permanently inaccessible to non-admins. The processes running in privileged can provide services to dev without leaking access to sensitive secrets.
STARTUP Lifetime Example
```yaml
workspaces:
  - name: dev
    system:
      files:
        - path: /etc/sandbox.d/setup
          mode: '0700'
          content: |
            #!/bin/bash
            # Abort on any failure so the workspace does not leave Restriction
            # Mode (irreversibly) with provisioning only half done.
            set -e
            provision-resources /run/sandbox/fs/secrets/shared/provision-token
            cs sandbox restriction disable
    restriction:
      life_time: STARTUP
```
In this example, when the dev workspace starts:
- The setup script runs with the Admin Only secret `provision-token` mounted (because Restriction Mode is active).
- It uses the secret to provision external resources.
- It calls `cs sandbox restriction disable` to exit Restriction Mode.
- Admin Only secrets are unmounted.
- The workspace becomes accessible to non-admin users.
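A hardened version of that setup script, added here as an illustration and not taken from the original page or from the product's own code. It keeps the page's `provision-resources <secret-path>` invocation and the `cs sandbox restriction disable` call and assumes nothing further about either tool; the SECRET_PATH, PROVISION_CMD and CS_CMD overrides are hypothetical hooks that exist only so the control flow can be exercised with stubs. It makes explicit what the short script leaves implicit: the secret is only present while Restriction Mode is active, leaving the mode is irreversible so it must be the last step and happen only on success, and the token must never be copied onto the workspace filesystem where it would outlive the unmount.

```shell
#!/bin/bash
# Hardened /etc/sandbox.d/setup for a STARTUP-lifetime workspace.
# Added example, not from the original page. Hypothetical assumptions:
# `provision-resources` takes the secret path as its only argument (as on
# the page); SECRET_PATH, PROVISION_CMD and CS_CMD are overridable purely so
# the logic can be tested with stubs.
#
# Return codes: 0 provisioned and Restriction Mode left; 1 provisioning or
# the disable call failed; 2 secret not mounted; 3 secret still visible after
# leaving Restriction Mode.
restricted_setup() {
    secret="${SECRET_PATH:-/run/sandbox/fs/secrets/shared/provision-token}"
    provision="${PROVISION_CMD:-provision-resources}"
    cs_cmd="${CS_CMD:-cs}"

    # 1. The Admin Only secret is mounted only while Restriction Mode is
    #    active. If it is missing, the mode is not on or the definition is
    #    wrong; do not start a privileged step that cannot succeed.
    if [ ! -r "$secret" ]; then
        echo "setup: admin-only secret not mounted at $secret" >&2
        return 2
    fi

    # 2. Use the secret in place. Never copy it onto the workspace
    #    filesystem: the secrets mount disappears when the mode is disabled,
    #    but a copy under /home, /tmp or anywhere else survives and becomes
    #    readable by the non-admin users who gain access afterwards.
    if ! "$provision" "$secret"; then
        # Stay restricted: exiting the mode is irreversible, and a
        # half-provisioned sandbox should remain admin-only for inspection.
        echo "setup: provisioning failed; staying in Restriction Mode" >&2
        return 1
    fi

    # 3. Last step, and only on success: exit the mode and unmount the secret.
    if ! "$cs_cmd" sandbox restriction disable; then
        echo "setup: could not leave Restriction Mode" >&2
        return 1
    fi

    # 4. Defensive check before the workspace opens up to non-admin users.
    if [ -r "$secret" ]; then
        echo "setup: secret still readable after disable" >&2
        return 3
    fi
    return 0
}

# Run automatically only when installed at the path used in the definition;
# sourcing this file from anywhere else just defines the function.
case "$0" in
    */sandbox.d/setup) restricted_setup ;;
esac
```

Drop the script in as the `content` of the `/etc/sandbox.d/setup` entry from the STARTUP example; because the mode cannot be re-entered, a non-zero exit that leaves the workspace restricted is the safe failure, and an admin can still get in to diagnose it.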
Interaction with Lockdown
If Lockdown is defined for the same workspace, Lockdown is not applied while the workspace is in Restriction Mode. This allows the workspace to make privileged API calls and access secrets during setup before lockdown takes effect.
See Also
- External Resources — provisioning cloud resources during sandbox creation
- Lockdown — restricting workload access after startup
- Secret — Admin Only secrets and access control
- Org and User — admin vs member roles