​

openclaw secrets

• reload: gateway RPC (secrets.reload) that re-resolves refs and swaps runtime snapshot only on full success (no config writes).
• audit: read-only scan of configuration/auth/generated-model stores and legacy residues for plaintext, unresolved refs, and precedence drift (exec refs are skipped unless --allow-exec is set).
• configure: interactive planner for provider setup, target mapping, and preflight (TTY required).
• apply: execute a saved plan (--dry-run for validation only; dry-run skips exec checks by default, and write mode rejects exec-containing plans unless --allow-exec is set), then scrub targeted plaintext residues.

openclaw secrets audit --check
openclaw secrets configure
openclaw secrets apply --from /tmp/openclaw-secrets-plan.json --dry-run
openclaw secrets apply --from /tmp/openclaw-secrets-plan.json
openclaw secrets audit --check
openclaw secrets reload

• audit --check returns 1 on findings.
• unresolved refs return 2.

• Secrets guide: Secrets Management
• Credential surface: SecretRef Credential Surface
• Security guide: Security

​

Reload runtime snapshot

openclaw secrets reload
openclaw secrets reload --json

• Uses gateway RPC method secrets.reload.
• If resolution fails, gateway keeps last-known-good snapshot and returns an error (no partial activation).
• JSON response includes warningCount.

​

Audit

• plaintext secret storage
• unresolved refs
• precedence drift (auth-profiles.json credentials shadowing openclaw.json refs)
• generated agents/*/agent/models.json residues (provider apiKey values and sensitive provider headers)
• legacy residues (legacy auth store entries, OAuth reminders)

• Sensitive provider header detection is name-heuristic based (common auth/credential header names and fragments such as authorization, x-api-key, token, secret, password, and credential).

openclaw secrets audit
openclaw secrets audit --check
openclaw secrets audit --json
openclaw secrets audit --allow-exec

• --check exits non-zero on findings.
• unresolved refs exit with higher-priority non-zero code.

• status: clean | findings | unresolved
• resolution: refsChecked, skippedExecRefs, resolvabilityComplete
• summary: plaintextCount, unresolvedRefCount, shadowedRefCount, legacyResidueCount
• finding codes:
  • PLAINTEXT_FOUND
  • REF_UNRESOLVED
  • REF_SHADOWED
  • LEGACY_RESIDUE

​

Configure (interactive helper)

openclaw secrets configure
openclaw secrets configure --plan-out /tmp/openclaw-secrets-plan.json
openclaw secrets configure --apply --yes
openclaw secrets configure --providers-only
openclaw secrets configure --skip-provider-setup
openclaw secrets configure --agent ops
openclaw secrets configure --json

• Provider setup first (add/edit/remove for secrets.providers aliases).
• Credential mapping second (select fields and assign {source, provider, id} refs).
• Preflight and optional apply last.

• --providers-only: configure secrets.providers only, skip credential mapping.
• --skip-provider-setup: skip provider setup and map credentials to existing providers.
• --agent <id>: scope auth-profiles.json target discovery and writes to one agent store.
• --allow-exec: allow exec SecretRef checks during preflight/apply (may execute provider commands).

• Requires an interactive TTY.
• You cannot combine --providers-only with --skip-provider-setup.
• configure targets secret-bearing fields in openclaw.json plus auth-profiles.json for the selected agent scope.
• configure supports creating new auth-profiles.json mappings directly in the picker flow.
• Canonical supported surface: SecretRef Credential Surface.
• It performs preflight resolution before apply.
• If preflight/apply includes exec refs, keep --allow-exec set for both steps.
• Generated plans default to scrub options (scrubEnv, scrubAuthProfilesForProviderTargets, scrubLegacyAuthJson all enabled).
• Apply path is one-way for scrubbed plaintext values.
• Without --apply, CLI still prompts Apply this plan now? after preflight.
• With --apply (and no --yes), CLI prompts an extra irreversible confirmation.

• Homebrew installs often expose symlinked binaries under /opt/homebrew/bin/*.
• Set allowSymlinkCommand: true only when needed for trusted package-manager paths, and pair it with trustedDirs (for example ["/opt/homebrew"]).
• On Windows, if ACL verification is unavailable for a provider path, OpenClaw fails closed. For trusted paths only, set allowInsecurePath: true on that provider to bypass path security checks.

​

Apply a saved plan

openclaw secrets apply --from /tmp/openclaw-secrets-plan.json
openclaw secrets apply --from /tmp/openclaw-secrets-plan.json --allow-exec
openclaw secrets apply --from /tmp/openclaw-secrets-plan.json --dry-run
openclaw secrets apply --from /tmp/openclaw-secrets-plan.json --dry-run --allow-exec
openclaw secrets apply --from /tmp/openclaw-secrets-plan.json --json

• --dry-run validates preflight without writing files.
• exec SecretRef checks are skipped by default in dry-run.
• write mode rejects plans that contain exec SecretRefs/providers unless --allow-exec is set.
• Use --allow-exec to opt in to exec provider checks/execution in either mode.

• Secrets Apply Plan Contract

• openclaw.json (SecretRef targets + provider upserts/deletes)
• auth-profiles.json (provider-target scrubbing)
• legacy auth.json residues
• ~/.openclaw/.env known secret keys whose values were migrated

​

Why no rollback backups

​

Example

openclaw secrets audit --check
openclaw secrets configure
openclaw secrets audit --check