OpenClaw API Key Management: Environment Variables Best Practices
The Problem with Plaintext Keys When setting up OpenClaw, you’re dealing with sensitive credentials: Discord Bot Tokens AI API Keys (Kimi, OpenAI, etc.) Service credentials The temptation: Just paste them into openclaw.json The risk: One accidental git commit, and your keys are public. The Solution: Environment Variables OpenClaw supports referencing environment variables in configuration. Your config file only contains placeholders, actual values live in environment variables. How It Works { "channels": { "discord": { "token": "${env:DISCORD_BOT_TOKEN}" } } } The ${env:VAR_NAME} syntax tells OpenClaw to read from environment variables at runtime. ...