> ## Documentation Index
> Fetch the complete documentation index at: https://docs.nuon.co/llms.txt
> Use this file to discover all available pages before exploring further.
> JSON Schema reference for sandbox configuration
# Sandbox
# Sandbox
## Properties
| Property | Description | Values | Example |
| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | -------------------------------- |
| **`type`**
string | sandbox IaC type IaC type for this sandbox: 'terraform' (default) or 'pulumi'. 'pulumi' requires the pulumi-sandbox feature flag | **Optional** | `"terraform"`, `"pulumi"` |
| **`terraform_version`**
string | Terraform version Version of Terraform to use for deployments. Required when type=terraform | **Optional** | `"1.5.0"`, `"1.6.0"`, `"latest"` |
| **`runtime`**
string | Pulumi runtime The Pulumi runtime to use for the program (go, nodejs, python). Required when type=pulumi | **Optional** | `"go"`, `"nodejs"`, `"python"` |
| **`pulumi_version`**
string | Pulumi version Version of the Pulumi CLI to use. If not specified, uses the latest version | **Optional** | `"3.100.0"` |
| **`pulumi_config`**
object | Pulumi stack config Map of Pulumi stack configuration values as key-value pairs. Keys use the format 'namespace:key' (e.g., 'gcp:project'). Supports templating | **Optional** | - |
| **`connected_repo`**
[ConnectedRepoConfig](#connected_repo) | connected repository configuration Configuration for a private repository connected to the Nuon platform | **Optional** | - |
| **`public_repo`**
[PublicRepoConfig](#public_repo) | public repository configuration Configuration for a public repository accessible without authentication | **Optional** | - |
| **`drift_schedule`**
string | drift detection schedule Cron expression for periodic drift detection. If not set, drift detection is disabled | **Optional** | `"0 2 * * *"`, `"*/10 * * * *"` |
| **`env_vars`**
object | environment variables Map of environment variables passed to Terraform as key-value pairs | **Optional** | - |
| **`vars`**
object | Terraform variables Map of Terraform input variables as key-value pairs. Supports templating | **Optional** | - |
| **`var_file`**
[array](#var_file) | Terraform variable files Array of external Terraform variable files to load. Each file contents support templating and external file sources: HTTP(S) URLs ([https://example.com/vars.tfvars](https://example.com/vars.tfvars)), git rep... | **Optional** | - |
| **`operation_roles`**
[array](#operation_roles) | operation-specific IAM role assignments Map of sandbox operations to IAM role names. Allows using different roles for different operations (provision, deprovision, reprovision). Roles must be defin... | **Optional** | - |
| **`max_auto_retries`**
integer | maximum automatic retry attempts on sandbox apply failure Maximum number of automatic retry attempts for failed sandbox provision, reprovision, and deprovision applies. Set to 0 to disable auto-ret... | **Optional**
Default: `"0"` | `"3"`, `"5"` |
| **`skip_noops`**
boolean | Skip the sandbox apply when the plan has no changes (a no-op). Defaults to false | **Optional**
Default: `"false"` | `"true"` |
| **`auto_approve_on_policies_passing`**
boolean | Auto-approve the sandbox apply when all policy checks pass. Defaults to false | **Optional**
Default: `"false"` | `"true"` |
### `connected_repo`
| Property | Description | Values | Example |
| --------------------------- | -------------------------------------------------------------------------------------------- | -------------- | ------------------------------------------ |
| **`repo`**
string | repository identifier Identifier of the connected repository configured in the Nuon platform | **✅ Required** | `"my-repo"`, `"production-infrastructure"` |
| **`directory`**
string | directory path Path within the repository to the configuration files | **✅ Required** | `"terraform"`, `"infra/terraform"` |
| **`branch`**
string | Git branch Git branch to checkout and use for deployments | **✅ Required** | `"main"`, `"develop"`, `"production"` |
### `public_repo`
| Property | Description | Values | Example |
| --------------------------- | -------------------------------------------------------------------- | -------------- | --------------------------------------------------------------------------------------- |
| **`repo`**
string | repository URL HTTPS URL to the public Git repository | **✅ Required** | `"https://github.com/user/repo.git"`, `"https://github.com/user/terraform-modules.git"` |
| **`directory`**
string | directory path Path within the repository to the configuration files | **✅ Required** | `"terraform"`, `"infra/terraform"` |
| **`branch`**
string | Git branch Git branch to checkout and use for deployments | **✅ Required** | `"main"`, `"develop"`, `"production"` |
### `var_file`
| Property | Description | Values | Example |
| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------- |
| **`contents`**
string | variable file contents Contents of a Terraform .tfvars file. Supports Nuon templating and external file sources: HTTP(S) URLs ([https://example.com/vars.tfvars](https://example.com/vars.tfvars)), git repositories (git::[https://githu](https://githu)... | **Optional** | `"./sandbox.tfvars"`, `"./variables/production.tfvars"` |
### `operation_roles`
| Property | Description | Values | Example |
| --------------------------- | ---------------------------------------------------------------------------------------------------------------- | -------------- | ------------------------------------------------------------------------ |
| **`operation`**
string | operation type Type of operation: provision, deprovision, update, reprovision, or trigger | **✅ Required** | `"provision"`, `"deploy"`, `"deprovision"` |
| **`role`**
string | IAM role name Name of the IAM role to use for this operation (not ARN). Role must exist in install stack outputs | **✅ Required** | `"{{.nuon.install.id}}-maintenance"`, `"{{.nuon.install.id}}-provision"` |