SecretsProvider: env, keyring, 1Password providers (building on #16663)

[akoscz]

Context

PR #16663 by @amor71 delivers GCP, AWS, Azure, and Vault secret providers with CLI tooling, per-agent IAM isolation, stale-while-revalidate caching, migration scripts, and 130+ tests.

Our PR #11539 had a SecretsProvider interface and implementations for env vars and OS keyring. We closed it and are building on top of their work.

Plan

1. ✅ Port env provider — resolves secrets from environment variables (with optional prefix, hyphen-to-underscore mapping)
2. ✅ Port keyring provider — OS-native credential storage (macOS security CLI, Linux secret-tool/libsecret)
3. ✅ Add 1Password provider — uses op CLI (op read op://vault/item/field), supports service account tokens for CI
4. ✅ Register all three in buildSecretProviders()
5. 🔄 Review + fix cycle — in progress
6. ⬜ Docs

Division of Labor

Who	Scope
@amor71	GCP, AWS, Azure, Vault (done in #16663)
@akoscz	env, keyring (macOS + Linux), 1Password

Depends On

• feat: GCP Secret Manager integration for external secrets management #16663 (must land first)

References

• feat: pluggable secrets manager integration ($secret{NAME} syntax) #11539 (our original PR, closed)
• Add native secrets management integration (AWS Secrets Manager, Vault, etc.) #13610 (original GCP secrets issue)

[akoscz]

@amor71 Heads up — we're actively building on your branch now. Here's our approach:

What we're adding

Two new SecretProvider implementations behind your existing interface:

EnvSecretProvider (${env:NAME})

• Resolves secrets from environment variables
• Optional prefix config (e.g. prefix OPENCLAW_ maps slack-bot-token → OPENCLAW_SLACK_BOT_TOKEN)
• Hyphen-to-underscore + uppercase mapping
• Read-only (setSecret throws) — env vars aren't writable at runtime
• Zero dependencies

KeyringSecretProvider (${keyring:NAME})

• macOS: security CLI with a dedicated OpenClaw keychain (~/Library/Keychains/openclaw.keychain-db)
• Linux: secret-tool / libsecret (GNOME Keyring / KDE Wallet via D-Bus Secret Service)
• Uses execFile (not exec) — no shell invocation
• Keychain password passed via stdin, not CLI args
• Zero npm dependencies — platform-native CLIs only

Integration points

We're touching two spots in your code:

1. SecretsConfig type in secret-resolution.ts — adding env and keyring config options
2. buildSecretProviders() in secret-resolution.ts — adding env and keyring cases

Everything else is in new files (env-secret-provider.ts, keyring-secret-provider.ts + tests).

Merge strategy

We're branching off your PR head (amor71/secrets-gcp). Once your PR lands on main, we'll rebase and open our PR on top. If you push more commits to your branch, let us know and we'll rebase — the conflict surface is small (just the two spots above).

Any concerns or suggestions on the approach?