SECURITY • OpenClaw quick fix

Provider key in a workspace `.env`? Move it before agents run.

OpenClaw's environment docs now draw a useful trust boundary: workspace `.env` files are lower-trust and provider credentials loaded only from there are ignored. That is good hardening, but it can look like a broken model route if you do not know where the Gateway process actually reads keys. Treat the fix as both reliability and security work: move provider keys into a trusted OpenClaw env/secret source, remove plaintext residue from agent-readable files, then prove one tiny provider call before unattended work resumes.

In simple words: Make a safe copy if the step could change your setup, try the smallest check, then confirm OpenClaw is back to normal before doing more. The source link and commands stay below for people who want the technical detail.

Checklist

Inventory where provider keys live today: workspace `.env`, shell profiles, `~/.openclaw/.env`, `$OPENCLAW_STATE_DIR/.env`, `openclaw.json`, auth profiles, CI, and any copied config files.

Fast private inventory — keep output out of public logs

# Run from the OpenClaw workspace/config areas you control.
# Inspect matches manually; do not paste secret values into tickets or agent prompts.
find . -maxdepth 4 -type f \( -name '.env*' -o -name 'openclaw.json' -o -name 'auth-profiles.json' -o -name '*models.json' \) -print

Do not rely on a project/workspace `.env` as the only source for provider credentials; OpenClaw treats it as lower-trust and ignores provider credential variables from that surface.

Move the key to a trusted source the Gateway process can read: `~/.openclaw/.env`, `$OPENCLAW_STATE_DIR/.env`, config `env`, shell-env import, or a supported SecretRef for that credential field.

Trusted-source receipt

- Provider / model route being fixed:
- Old key location, if any:
- New trusted source (`~/.openclaw/.env`, state `.env`, config `env`, shell-env, or SecretRef):
- Plaintext residue checked: yes/no
- `openclaw doctor` result:
- Tiny provider smoke result:
- Rotation or rollback decision:

If plaintext credentials were in agent-readable files, migrate or rotate deliberately; SecretRefs reduce persistence only after unsupported copies, backups, and old generated model files are cleaned up.

Restart through your normal supervisor, run `openclaw doctor`, then verify with a tiny model/provider smoke test before letting background agents spend tokens.

Record the old key location, new trusted source, provider tested, and rollback/rotation decision so the next config edit does not reintroduce workspace-secret drift.

Success looks like

• Provider credentials are no longer expected to load from a lower-trust workspace `.env` alone.

• The Gateway process can read the trusted credential source after restart, and one tiny provider/model check passes.

• Any old plaintext copies have an explicit cleanup or rotation decision before unattended agents resume.

Source: OpenClaw environment + secrets docs · link

Before the next risky OpenClaw change

Turn this quick fix into a repeatable rollback path.

If this touches tokens, providers, upgrades, plugins, or shared-agent settings, do the free check first — then use a verified snapshot and one restore drill before trusting unattended work again.

What OpenClaw Safety Net adds

pre-auth-change snapshot before moving provider credentials
secret-location inventory and plaintext-residue cleanup rows
post-migration provider smoke-test receipt before unattended agents resume

Use the free fix when: you only need to unblock this one low-risk change and can write the backup label, smoke result, and rollback trigger in your own notes.

Buy when: this same risk will happen again, another person needs to repeat the fix, or you want a purchase-to-first-GREEN receipt, restore drill, and written rollback record before agents run unattended.

Do not buy yet if: you have not tried the free checklist, you need live support, or you are not ready to make a verified backup before changing a working setup.

Free proof → repeatable proof

Use the quick fix once. Buy only when the same evidence needs to be repeatable before future OpenClaw changes.

Free proof: One provider key moved out of a lower-trust workspace `.env` path and into a trusted Gateway-readable source.

Repeatable proof: Safety Net turns that one migration into a reusable auth-change worksheet with snapshot, smoke test, and rotation/rollback decisions.

Free proof: A tiny provider/model call proves the Gateway can read the key after restart.

Repeatable proof: Safety Net keeps provider, config, and agent-resume checks together so the same drift does not recur after the next update.

Use OpenClaw Safety Net before the risky change →

Free fix first; buy the playbook only when the rollback path needs a repeatable first-GREEN proof record.

Have a high‑value nugget? Submit it.