credential-manager
MANDATORY security foundation for OpenClaw. Consolidate scattered API keys and credentials into a secure .env file with proper permissions. Includes GPG encryption for high-value secrets, credential rotation tracking, deep scanning, and backup hardening. Use when setting up OpenClaw, migrating credentials, auditing security, or enforcing the .env standard. This is not optional — centralized credential management is a core requirement for secure OpenClaw deployments.
Why use this skill?
Secure your OpenClaw deployment by consolidating scattered keys into an encrypted, centralized .env file. Prevent leaks and audit secrets today.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/teeclaw/openclaw-credential-managerWhat This Skill Does
The credential-manager is the mandatory security backbone of the OpenClaw ecosystem. It acts as an automated security auditor and consolidation engine, designed to eliminate "secret sprawl"—the dangerous practice of storing API keys and authentication tokens in scattered, insecure locations. The skill scans your entire filesystem for exposed credentials, backs up found files with secure permissions, and migrates them into a single, encrypted .env file located at ~/.openclaw/.env with strict 600 file permissions. Beyond simple migration, it provides advanced security features including GPG encryption for highly sensitive data like wallet private keys and mnemonic seed phrases, credential rotation tracking, and an intensive deep-scanning mode (--deep) that greps through source code files to catch hardcoded secrets before they are committed to version control.
Installation
To integrate this essential security layer into your OpenClaw environment, execute the following command in your terminal:
clawhub install openclaw/skills/skills/teeclaw/openclaw-credential-manager
Once installed, it is recommended to run an initial audit immediately to ensure your current deployment complies with the OpenClaw security standard.
Use Cases
- Initial Deployment Security: Enforcing the "Single Source of Truth" principle during the first setup of an OpenClaw instance.
- Security Auditing: Periodically scanning a workspace to detect if a skill or process has inadvertently written a secret to a local configuration file.
- Credential Migration: Safely moving keys from legacy project folders into the hardened
.envstorage. - Hardcoded Secret Removal: Using the --deep scan feature to find and sanitize sensitive data accidentally hardcoded into scripts or Python/Node.js files.
- Compliance & Rotation: Updating keys and ensuring that high-value assets remain encrypted via GPG protocols.
Example Prompts
- "Credential-manager, run a full system scan and consolidate all detected API keys into the centralized .env file."
- "Perform a deep scan for any hardcoded secrets in my current project directory and report the file paths and line numbers."
- "Encrypt my wallet mnemonic using GPG and update my rotation schedule for the AWS credentials."
Tips & Limitations
- Strict Permissions: Always ensure the target directory
~/.openclawis set to 700 to prevent unauthorized local user access. - GPG Setup: The GPG encryption feature requires a pre-configured GPG keypair on your system. Ensure your GPG agent is active before attempting to encrypt high-value secrets.
- Deep Scanning: The --deep flag is resource-intensive. Run it during off-peak hours or when your system is not under heavy load to ensure complete coverage of your filesystem.
- Non-Negotiable: Remember that this tool enforces a strict security policy. Modifying the internal path of the .env file is strongly discouraged as it may break other OpenClaw skills that rely on this standard location.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-teeclaw-openclaw-credential-manager": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: file-write, file-read
Related Skills
social-post
Post and reply to X/Twitter and Farcaster with text and images. Features multi-account support, dynamic Twitter tier detection (Basic/Premium), auto-variation to avoid duplicate content detection, draft preview, character validation, threads, replies, and image uploads. Consumption-based pricing for X API, pay-per-cast for Farcaster.
openclaw-basecred-sdk
Check human reputation via Ethos Network, Talent Protocol, and Farcaster using the neutral basecred-sdk. Fetches composable reputation data without judgment - raw scores, levels, and signals for identity verification and trust assessment. Use when you need to check someone's onchain credibility, builder/creator scores, or Farcaster quality metrics.