Closed
Description
Problem
The gateway automatically creates openclaw.json.bak on every config write, and this backup file persists indefinitely.
Root cause: config-XLaWsyXv.js line 8389 copies the config to .bak on every write operation.
Security Impact
The .bak file contains all secrets from the main config:
- Gateway tokens
- API keys (Anthropic, Notion, etc.)
- Channel credentials
This creates unnecessary credential exposure:
- Doubles the credential footprint (2 files instead of 1)
- Not covered by standard gitignore patterns
- Survives config updates indefinitely
- May be included in backups/syncs unintentionally
Suggested Fix
- Option A (preferred): Don't create the .bak file at all - config writes should be atomic or use a temp file that's immediately cleaned up
- Option B: Auto-delete the .bak file immediately after a successful config write
- Option C: Document that .bak files are transient and should be cleaned by user automation
Workaround
Users can implement a cleanup cron job or file watcher to auto-delete the .bak file, but this shouldn't be necessary.
Environment
- OpenClaw version: 2026.2.24 (installed via pnpm)
- Platform: Windows 10
- Install method: npm/pnpm global install