github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-19 08:58:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Secrets: harden SecretRef-safe models.json persistence (#38955)

Browse Source
This commit is contained in:
Josh Avant
2026-03-07 11:28:39 -06:00
committed by GitHub
parent b08337b902
commit 8e20dd22d8
66 changed files with 2713 additions and 299 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/gateway/secrets.md
View File

@@ -372,11 +372,16 @@ openclaw secrets audit --check
Findings include:
- plaintext values at rest (`openclaw.json`, `auth-profiles.json`, `.env`)
- plaintext values at rest (`openclaw.json`, `auth-profiles.json`, `.env`, and generated `agents/*/agent/models.json`)
- plaintext sensitive provider header residues in generated `models.json` entries
- unresolved refs
- precedence shadowing (`auth-profiles.json` taking priority over `openclaw.json` refs)
- legacy residues (`auth.json`, OAuth reminders)
Header residue note:
- Sensitive provider header detection is name-heuristic based (common auth/credential header names and fragments such as `authorization`, `x-api-key`, `token`, `secret`, `password`, and `credential`).
### `secrets configure`
Interactive helper that: