docs(security): Add API key hardening guide

[jmkritt]

Summary

Adds a guide to docs/security/ explaining how to protect API keys from agent access using Linux user isolation.

The Problem

Agents have filesystem access and can accidentally (or be tricked into) exposing API keys stored in .env files. Rules-based protection ('please don't read this') is not sufficient — agents can forget, make mistakes while debugging, or be manipulated via prompt injection.

The Solution

This guide shows how to:

1. Create a separate Linux user that owns secrets
2. Write wrapper scripts that use those secrets internally
3. Configure limited sudo access for the agent
4. Result: Agent can USE APIs but cannot SEE credentials

This is a hard technical block enforced by the kernel, not agent discipline.

Context

• Feature request for native support: Feature Request: Masked Secrets - Prevent Agent from Accessing Raw API Keys #10659
• Standalone repo with templates: https://github.com/jmkritt/openclaw-secrets-hardening

This guide provides a working solution today while native masked secrets support is being considered.

Greptile Overview

Greptile Summary

Adds a new security doc at docs/security/api-key-hardening.md describing a Linux user-isolation pattern for keeping API keys out of an agent’s readable filesystem while still allowing API usage via whitelisted sudo-run wrapper scripts. The guide walks through creating a dedicated “secrets” user, placing secrets in a root-owned home directory, creating wrapper scripts that source the secrets, and configuring a sudoers allowlist so the agent can execute only those scripts.

Confidence Score: 3/5

• Safe to merge after fixing sudoers-related correctness/security guidance in the new doc.
• Only documentation changes, but the doc currently contains sudoers guidance that can be misapplied (whitelist/test mismatch) and may give a false sense of safety if the allowlist can be bypassed via alternate invocation paths; these should be corrected to avoid teaching an insecure or non-working setup.
• docs/security/api-key-hardening.md

_{(3/5) Reply to the agent's comments like "Can you suggest a fix for this @greptileai?" or ask follow-up questions!}

Context used:

• Context from dashboard - CLAUDE.md (source)
• Context from dashboard - AGENTS.md (source)

[greptile-apps]

_{1 file reviewed, 2 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Sudoers bypass via interpreter
The sudoers example whitelists /home/secretsuser/scripts/myapi.sh, but that can typically be bypassed by executing the same file through an allowed interpreter (e.g. sudo -u secretsuser /bin/bash /home/secretsuser/scripts/myapi.sh ...), which defeats the allowlist intent if /bin/bash is already allowed by default. Consider documenting the need for sudoers to match the command line strictly (or use sudoers command aliases with arguments / NOEXEC, and ensure the agent user cannot run an arbitrary interpreter as secretsuser).

Prompt To Fix With AI

This is a comment left during a code review.
Path: docs/security/api-key-hardening.md
Line: 63:66

Comment:
**Sudoers bypass via interpreter**
The sudoers example whitelists `/home/secretsuser/scripts/myapi.sh`, but that can typically be bypassed by executing the same file through an allowed interpreter (e.g. `sudo -u secretsuser /bin/bash /home/secretsuser/scripts/myapi.sh ...`), which defeats the allowlist intent if `/bin/bash` is already allowed by default. Consider documenting the need for `sudoers` to match the command line strictly (or use `sudoers` command aliases with arguments / `NOEXEC`, and ensure the agent user cannot run an arbitrary interpreter as `secretsuser`).

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

Test command contradicts whitelist
Step 6 tests running the script with sudo -u secretsuser ..., but Step 5 only configures NOPASSWD for sudo /home/secretsuser/scripts/myapi.sh (no -u secretsuser in the example). As written, a user without broader sudo rights will get prompted for a password (or fail) when running the test command. Either update the test to sudo /home/secretsuser/scripts/myapi.sh ... (matching the sudoers line) or update the sudoers example to explicitly allow sudo -u secretsuser /home/.../myapi.sh usage.

Prompt To Fix With AI

This is a comment left during a code review.
Path: docs/security/api-key-hardening.md
Line: 108:112

Comment:
**Test command contradicts whitelist**
Step 6 tests running the script with `sudo -u secretsuser ...`, but Step 5 only configures `NOPASSWD` for `sudo /home/secretsuser/scripts/myapi.sh` (no `-u secretsuser` in the example). As written, a user without broader sudo rights will get prompted for a password (or fail) when running the test command. Either update the test to `sudo /home/secretsuser/scripts/myapi.sh ...` (matching the sudoers line) or update the sudoers example to explicitly allow `sudo -u secretsuser /home/.../myapi.sh` usage.

How can I resolve this? If you propose a fix, please make it concise.

[vincentkoc]

Thanks for your submission however we are closing your PR as stale, if you need to re-open please review contributing guide and if you feel like its required re-open under a new PR. Ensure you have addressed all checks, conflicts and issues. Thanks.