ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified system Safety 4/5

secret-manager

Manage API keys securely via GNOME Keyring and inject them into OpenClaw config.

Why use this skill?

Securely store and inject API keys into OpenClaw using the secret-manager skill. Protect your credentials with GNOME Keyring and streamline your agent authentication process.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/jswortz/secret-manager
Or

What This Skill Does

The Secret Manager skill acts as a robust intermediary between your local desktop environment and OpenClaw services. By leveraging GNOME Keyring (via libsecret), it ensures that sensitive API keys are never stored in plain text configuration files. Instead, it encrypts your credentials at the system level, providing a secure vault for your AI agent's authentication tokens. The skill automatically handles the injection of these secrets into the OpenClaw configuration directory and ensures that the OpenClaw Gateway service within your Distrobox container is aware of these credentials, keeping your workflow seamless and hardened against local exposure.

Installation

To get started, ensure your system has the necessary libsecret utilities installed. For Debian/Ubuntu, run sudo apt install libsecret-tools. For Fedora, use sudo dnf install libsecret, and for Arch Linux, use sudo pacman -S libsecret. Once dependencies are met, install the skill via the OpenClaw CLI using the command clawhub install openclaw/skills/skills/jswortz/secret-manager. You may need to restart your terminal session or the OpenClaw service to ensure the PATH is updated and the secret-manager binary is accessible.

Use Cases

The primary use case is securing professional-grade AI deployments. Whether you are managing multiple LLM providers like OpenAI and Gemini, or connecting to external services like Discord or LinkedIn, the Secret Manager prevents credential leakage. It is particularly useful for users running OpenClaw in containerized environments (Distrobox), as it bridges the gap between host-level system security and container-level service execution, allowing for secure hot-swapping of API keys without manual editing of JSON configuration files.

Example Prompts

  1. "secret-manager set OPENAI_API_KEY sk-1234567890abcdefghijklmnopqrstuvwxyz"
  2. "secret-manager list"
  3. "secret-manager set DISCORD_BOT_TOKEN"

Tips & Limitations

Always ensure that your environment variables match your expected configuration; while the default paths (~/.openclaw and clawdbot container) cover most installations, custom setups require adjusting OPENCLAW_HOME or OPENCLAW_CONTAINER. Note that this tool currently relies on GNOME Keyring; users on systems lacking a D-Bus secret service may experience issues. Keep your keys rotated, and remember that this tool only manages the injection; the underlying services must still have permission to interact with the external APIs.

Read Full Documentation on GitHub

Metadata

Author@jswortz
Stars1865
Views1
Updated2026-03-03
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-jswortz-secret-manager": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#security#keyring#authentication#devops#secrets
Safety Score: 4/5

Flags: file-write, file-read, code-execution