OpenClaw + Tailscale Remote Access Guide: Two Secure Ways to Expose Your Gateway

Fri, 06 Mar 2026 09:00:00 +0800

Introduction

OpenClaw Gateway runs locally by default (127.0.0.1:18789), which means:

✅ Secure: No external access
❌ Limited: Can only be used locally

If you want to:

Run OpenClaw on your home server and access it remotely from your phone
Share an OpenClaw instance with your team
Use your home AI assistant while away

Then Tailscale integration is your best choice.

What is Tailscale?

Tailscale is a zero-config VPN tool based on WireGuard. It lets you easily build a private network (Tailnet) and securely connect any devices.

OpenClaw API Key Management: Environment Variables Best Practices

Tue, 03 Mar 2026 22:00:00 +0800

The Problem with Plaintext Keys

When setting up OpenClaw, you’re dealing with sensitive credentials:

Discord Bot Tokens
AI API Keys (Kimi, OpenAI, etc.)
Service credentials

The temptation: Just paste them into openclaw.json

The risk: One accidental git commit, and your keys are public.

The Solution: Environment Variables

OpenClaw supports referencing environment variables in configuration. Your config file only contains placeholders, actual values live in environment variables.

How It Works

{
 "channels": {
 "discord": {
 "token": "${env:DISCORD_BOT_TOKEN}"
 }
 }
}

The ${env:VAR_NAME} syntax tells OpenClaw to read from environment variables at runtime.