Environment-Variables on D5Nhttps://www.d5n.xyz/tags/environment-variables/Recent content in Environment-Variables on D5NHugo -- 0.146.5zh-CNTue, 03 Mar 2026 22:00:00 +0800OpenClaw API Key Management: Environment Variables Best Practiceshttps://www.d5n.xyz/en/posts/openclaw-secretref-guide/Tue, 03 Mar 2026 22:00:00 +0800https://www.d5n.xyz/en/posts/openclaw-secretref-guide/<h2 id="the-problem-with-plaintext-keys">The Problem with Plaintext Keys</h2> <p>When setting up OpenClaw, you&rsquo;re dealing with sensitive credentials:</p> <ul> <li>Discord Bot Tokens</li> <li>AI API Keys (Kimi, OpenAI, etc.)</li> <li>Service credentials</li> </ul> <p><strong>The temptation:</strong> Just paste them into <code>openclaw.json</code></p> <p><strong>The risk:</strong> One accidental git commit, and your keys are public.</p> <hr> <h2 id="the-solution-environment-variables">The Solution: Environment Variables</h2> <p>OpenClaw supports referencing environment variables in configuration. Your config file only contains placeholders, actual values live in environment variables.</p> <h3 id="how-it-works">How It Works</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{ </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;channels&#34;</span>: { </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;discord&#34;</span>: { </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;token&#34;</span>: <span style="color:#e6db74">&#34;${env:DISCORD_BOT_TOKEN}&#34;</span> </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><p>The <code>${env:VAR_NAME}</code> syntax tells OpenClaw to read from environment variables at runtime.</p>