Feature: Built-in secrets management integration (Doppler, 1Password, etc.)

[realsamrat]

Summary

Request for native integration with secrets management tools like Doppler, 1Password, HashiCorp Vault, or similar - instead of relying on .env files and JSON configs for sensitive credentials.

Problem

Currently, API keys and secrets are stored in:

• .env files (plaintext on disk)
• openclaw.json config (plaintext on disk)
• Environment variables

This is insecure because:

• Secrets are visible in plaintext files
• Easy to accidentally commit to git
• No audit trail for secret access
• No automatic rotation
• Difficult to manage across multiple environments

Proposed Solution

Native integration with secrets managers:

Tier 1 (Most Requested)

• Doppler - Popular for CLI/server environments
• 1Password CLI - Common for personal/team use
• Bitwarden CLI - Open source alternative

Tier 2

• HashiCorp Vault - Enterprise standard
• AWS Secrets Manager
• macOS Keychain - Already on every Mac

Proposed Config

{
  "secrets": {
    "provider": "doppler",
    "doppler": {
      "project": "openclaw",
      "config": "dev"
    },
    "mapping": {
      "ANTHROPIC_API_KEY": "anthropic.apiKey",
      "ELEVENLABS_API_KEY": "messages.tts.elevenlabs.apiKey",
      "TELEGRAM_BOT_TOKEN": "channels.telegram.botToken"
    }
  }
}

Benefits

1. Security - Secrets never stored in plaintext files
2. Audit trail - Know who accessed what and when
3. Rotation - Easy secret rotation without config changes
4. Environment management - Dev/staging/prod secrets separated
5. Team sharing - Secure secret sharing without sending keys in chat

Current Workaround

Using Doppler CLI manually:

ELEVENLABS_API_KEY=$(doppler secrets get ELEVENLABS_API_KEY --plain) openclaw gateway start

This works but requires manual setup and doesn't integrate with OpenClaw's config system.

---

Filed via Wiwi 🦊 on behalf of @realsamrat

[danielbrodie]

Seconded.

[tijove]

+1 on this. Running OpenClaw on a Pi 5 with 1Password service account for runtime secrets (op read in scripts). Works but the auth-profiles.json and openclaw.json still store tokens in plaintext on disk. Would love native op:// references in config — #5760 was closed in triage but the need is real. Even basic support for environment variable interpolation in auth profile storage would help.

[akoscz]

RFC: Pluggable Secrets Manager Integration — Working Prototype

We built a working prototype for this. Sharing the design for feedback before opening a PR.

Branch: feature/secrets-manager-integration
Implementation: src/config/secrets/

Problem

Secrets in openclaw.json are plaintext. The existing ${ENV_VAR} substitution helps, but doesn't cover secret managers, keychains, or cloud-native credential stores.

Solution: $secret{NAME} syntax + pluggable providers

{
  "secrets": {
    "provider": "gcp",
    "gcp": { "project": "my-project-id" }
  },
  "channels": {
    "slack": {
      "botToken": "$secret{openclaw-slack-bot-token}",
      "appToken": "$secret{openclaw-slack-app-token}"
    }
  }
}

Provider Interface

Minimal and extensible:

interface SecretsProvider {
  name: string;
  resolve(secretName: string): Promise<string>;
  resolveAll?(secretNames: string[]): Promise<Map<string, string>>;
  dispose?(): Promise<void>;
}

Providers

Provider	Status	Package/Tool
GCP Secret Manager	✅ Implemented	@google-cloud/secret-manager
Environment variables	✅ Implemented	(built-in)
AWS Secrets Manager	📋 Stub	@aws-sdk/client-secrets-manager
macOS Keychain / OS Keyring	📋 Stub	keytar
1Password	📋 Stub	1Password CLI / Connect API
Doppler	📋 Stub	Doppler CLI / REST API
Bitwarden	📋 Stub	Bitwarden Secrets Manager SDK
HashiCorp Vault	📋 Stub	Vault HTTP API

Stub providers are wired into the factory with clear "not yet implemented" errors and contribution pointers. We don't currently have access to these services, so no implementation is provided.

Design Decisions

1. $secret{NAME} syntax — visually distinct from ${ENV_VAR}, no parser ambiguity. Escaping via $$secret{...} mirrors the existing $${...} pattern.
2. Pipeline integration — resolves after resolveConfigEnvVars() in io.ts, so you can use ${GCP_PROJECT} inside secrets.gcp.project. The secrets block itself is excluded from resolution (no circular deps).
3. Sync safety — the sync loadConfig() path detects unresolved $secret{...} refs and throws a clear error, since secret resolution requires async.
4. GCP provider — uses dynamic import (optional dep), ADC for auth, in-memory caching.

What's Included

• src/config/secrets/ — provider interface, resolution logic, 8 providers (2 implemented + 6 stubs)
• Updated io.ts with async resolution step + sync safety check
• Zod schema validation for the secrets config block
• 29 tests covering resolution, escaping, circular dep protection, batch paths, edge cases

Backwards Compatible

No secrets block = zero behavior change. Fully additive.

Built with AI assistance (Claude). All tests passing. Happy to open a PR if the design direction looks good.

Relates to: #2065, #5760, #4727

[akoscz]

Update: Cross-platform Keyring provider + more provider stubs

Quick follow-up — we've expanded the prototype significantly:

New: Cross-platform Keyring provider (fully implemented)

Third working provider alongside GCP and env. Uses platform-native CLIs — zero npm dependencies.

macOS — uses the security CLI with a dedicated OpenClaw keychain:

• Dedicated keychain file (~/Library/Keychains/openclaw.keychain-db) — doesn't pollute login keychain
• Auto-unlock with configurable password, locks on dispose()
• Tested on macOS Sequoia 15.7.3

Linux — uses secret-tool (libsecret / D-Bus Secret Service API):

• Works with GNOME Keyring, KDE Wallet, and any Secret Service provider
• Distro-specific install instructions in error messages (Arch, Ubuntu, Fedora)
• Tested on CachyOS (Arch-based) with libsecret 0.21.7

Both platforms get clear error messages with setup instructions. Windows shows a "not supported" error with contributor guidance.

{
  "secrets": {
    "provider": "keyring"
    // Optional: "keyring": { "keychainPath": "...", "account": "openclaw" }
  },
  "channels": {
    "slack": { "botToken": "$secret{slack-bot-token}" }
  }
}

Setup (one-time):

# macOS
security create-keychain -p '' ~/Library/Keychains/openclaw.keychain-db
security add-generic-password -a openclaw -s slack-bot-token -w "xoxb-..." ~/Library/Keychains/openclaw.keychain-db

# Linux
echo -n "xoxb-..." | secret-tool store --label="openclaw: slack-bot-token" service openclaw key slack-bot-token

Additional provider stubs

Added stubs for all providers mentioned in the original issue, bringing the total to 8:

Provider	Status
GCP Secret Manager	✅ Implemented
Environment variables	✅ Implemented
macOS Keychain	✅ Implemented
Linux Keyring (libsecret)	✅ Implemented
AWS Secrets Manager	📋 Stub
1Password	📋 Stub
Doppler	📋 Stub
Bitwarden	📋 Stub
HashiCorp Vault	📋 Stub

Each stub is wired into the provider factory with config options and clear "not yet implemented" errors pointing to the source file for contributors. We don't currently have access to these services, so no implementation is provided — but the interface is ready.

Updated branch: feature/secrets-manager-integration (6 commits, ~1200 lines, 29 tests passing)

[akoscz]

PR opened: #11539

Implements the $secret{NAME} approach discussed above with env, GCP Secret Manager, and OS keyring (macOS + Linux) providers. Full details and design rationale in the PR description.

[nishantkabra77]

+1 — Running OpenClaw on a home Mac mini. FileVault is on and file permissions are tight, but having all API keys (Anthropic, Slack bot tokens, Telegram bot token, etc.) in plaintext in openclaw.json and .env files is a real concern. The macOS Keychain provider in PR #11539 is exactly what's needed. Would love to see this ship soon.

[sebslight]

Closing as duplicate of #13610. If this is incorrect, comment and we can reopen.

[tijove]

Closing as duplicate of #13610. If this is incorrect, comment and we can reopen.

This is the original issue, #13610 is the duplicate I believe.

[realsamrat]

Exactly , this is the original issue I'm pretty sure

[akoscz]

continuing this through the following PR #16663