OpenClaw · Skill
CLI
A secure way to manage API keys for OpenClaw using the system keyring (GNOME Keyring / libsecret).
Install
Start with the primary install command. Alternate entrypoints are included below for ClawHub and OpenClaw CLI users.
Primary command
clawhub install jswortz/secret-managerClawHub installer
npx clawhub@latest install jswortz/secret-managerOpenClaw CLI
openclaw skills install jswortz/secret-managerDirect OpenClaw install
openclaw install jswortz/secret-managerWhat this skill does
A secure way to manage API keys for OpenClaw using the system keyring (GNOME Keyring / libsecret).
Why it matters
Keeps credentials in the OS keyring rather than plaintext config files, reducing the risk of accidental exposure via dotfiles or version control.
Typical use cases
- Storing an OpenAI API key without hardcoding it in config files
- Rotating a Discord bot token across all OpenClaw services at once
- Listing all currently configured API keys from the command line
- Setting up a fresh OpenClaw installation with all required credentials
- Propagating a new Gemini API key to the running gateway without manual restarts
Source instructions
Secret Manager
A secure way to manage API keys for OpenClaw using the system keyring (GNOME Keyring / libsecret).
This skill provides a secret-manager CLI that:
- Stores API keys securely using
secret-tool. - Injects them into your
auth-profiles.json. - Propagates them to
systemduser environment. - Restarts the OpenClaw Gateway service inside your Distrobox container.
Installation
Ensure you have the dependencies:
- Debian/Ubuntu:
sudo apt install libsecret-tools - Fedora:
sudo dnf install libsecret - Arch:
sudo pacman -S libsecret
Copy the script to your path or run it directly.
Configuration
The script uses default paths that work for most OpenClaw installations, but you can override them with environment variables:
| Variable | Description | Default |
|---|---|---|
OPENCLAW_CONTAINER | Name of the Distrobox container | clawdbot |
OPENCLAW_HOME | Path to OpenClaw config directory | ~/.openclaw |
SECRETS_ENV_FILE | Path to an optional .env file to source | ~/.config/openclaw/secrets.env |
Usage
List all configured keys:
secret-manager list
Set a key (interactive prompt):
secret-manager OPENAI_API_KEY
# (Paste key when prompted)
Set a key (direct):
secret-manager DISCORD_BOT_TOKEN "my-token-value"
Supported Keys:
OPENAI_API_KEYGEMINI_API_KEYDISCORD_BOT_TOKENGATEWAY_AUTH_TOKENOLLAMA_API_KEYGIPHY_API_KEYGOOGLE_PLACES_API_KEYLINKEDIN_LI_ATLINKEDIN_JSESSIONID