Security

Introduction OpenClaw Gateway runs locally by default (127.0.0.1:18789), which means: ✅ Secure: No external access ❌ Limited: Can only be used locally If you want to: Run OpenClaw on your home server and access it remotely from your phone Share an OpenClaw instance with your team Use your home AI assistant while away Then Tailscale integration is your best choice. What is Tailscale? Tailscale is a zero-config VPN tool based on WireGuard. It lets you easily build a private network (Tailnet) and securely connect any devices. ...

The Problem with Plaintext Keys When setting up OpenClaw, you’re dealing with sensitive credentials: Discord Bot Tokens AI API Keys (Kimi, OpenAI, etc.) Service credentials The temptation: Just paste them into openclaw.json The risk: One accidental git commit, and your keys are public. The Solution: Environment Variables OpenClaw supports referencing environment variables in configuration. Your config file only contains placeholders, actual values live in environment variables. How It Works { "channels": { "discord": { "token": "${env:DISCORD_BOT_TOKEN}" } } } The ${env:VAR_NAME} syntax tells OpenClaw to read from environment variables at runtime. ...