2.6k
GitHub Stars
6
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill openclaw/skills --skill credential-manager- _meta.json823 B
- CHANGELOG.md5.7 KB
- CONSOLIDATION-RULE.md2.8 KB
- CORE-PRINCIPLE.md3.8 KB
- README.md6.6 KB
- SKILL.md8.2 KB
Overview
This skill is the mandatory credential manager for OpenClaw that consolidates scattered API keys and secrets into a single secure ~/.openclaw/.env file. It scans common locations, backs up existing credential files, merges values, enforces file permissions (600), and validates format and git-ignore protection. Use this skill during setup, audits, or migrations to ensure OpenClaw deployments meet the central credential policy.
How this skill works
The skill scans predefined paths and filename patterns for credentials and sensitive key patterns, then creates timestamped backups before any modification. It consolidates detected values into ~/.openclaw/.env, writes a .env.example template, adjusts permissions to mode 600, updates .gitignore, and runs validation checks for duplicates and format. Cleanup tools optionally remove legacy files while preserving backups and an audit trail.
When to use it
- When setting up a new OpenClaw deployment
- Before running skills to enforce secure credentials
- During migration of distributed or scattered credential files
- When auditing security or preparing for key rotation
- If a scan or validator detects insecure credential storage
Best practices
- Run a full scan and review findings before automatic consolidation
- Always keep backups; use the timestamped backups directory for rollback
- Verify .env is mode 600 and listed in ~/.openclaw/.gitignore after migration
- Rotate keys after consolidation and update .env.example for teams
- Use service-specific environment variable names and avoid embedding secrets in code
Example use cases
- Full migration: scan, consolidate, validate, then test applications with the unified ~/.openclaw/.env
- Audit workflow: run scan.py then validate.py to produce a report of insecure files and permission issues
- Service-specific consolidation: extract credentials for a single service and merge into the central .env using --service
- Backup-only operation: create timestamped backups of discovered credential files without deleting originals
- Cleanup: remove legacy credential files after successful verification, keeping backups for recovery
FAQ
By default it backs up originals and does not delete them until you run cleanup with confirmation. You can use --backup-only to avoid removal entirely.
How does the skill avoid exposing secrets in logs?
The scripts report metadata and file paths only; they never print full secret values and are designed to redact sensitive content in output.