github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-30 04:55:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs(secrets): clarify partial migration guidance

Browse Source
This commit is contained in:
joshavant
2026-02-26 00:54:14 -06:00
committed by Peter Steinberger
parent 7671c1dd10
commit 14897e8de7
3 changed files with 39 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/gateway/secrets.md
View File

@@ -128,6 +128,7 @@ Define providers under `secrets.providers`:
- Runs configured absolute binary path, no shell.
- By default, `command` must point to a regular file (not a symlink).
- Set `allowSymlinkCommand: true` to allow symlink command paths (for example Homebrew shims). OpenClaw validates the resolved target path.
- Enable `allowSymlinkCommand` only when required for trusted package-manager paths, and pair it with `trustedDirs` (for example `["/opt/homebrew"]`).
- When `trustedDirs` is set, checks apply to the resolved target path.
- Supports timeout, no-output timeout, output byte limits, env allowlist, and trusted dirs.
- Request payload (stdin):
@@ -310,6 +311,11 @@ openclaw secrets configure
openclaw secrets audit --check
```
Migration completeness:
- Include `skills.entries.<skillKey>.apiKey` targets when those skills use API keys.
- If `audit --check` still reports plaintext findings after a partial migration, migrate the remaining reported paths and rerun audit.
### `secrets audit`
Findings include: