Security

Introduction OpenClaw Gateway runs locally by default (127.0.0.1:18789), which means: ✅ Secure: No external access ❌ Limited: Can only be used locally If you want to: Run OpenClaw on your home server and access it remotely from your phone Share an OpenClaw instance with your team Use your home AI assistant while away Then Tailscale integration is your best choice. What is Tailscale? Tailscale is a zero-config VPN tool based on WireGuard. It lets you easily build a private network (Tailnet) and securely connect any devices. ...

前言 OpenClaw Gateway 默认只在本地运行（127.0.0.1:18789），这意味着： ✅ 安全：外部无法直接访问 ❌ 局限：只能在本地使用，无法远程控制 如果你希望： 在家里的服务器运行 OpenClaw，用手机远程访问 团队协作时共享一个 OpenClaw 实例 出门在外时仍能使用家里的 AI 助手 那么 Tailscale 集成是你的最佳选择。 ...

The Problem with Plaintext Keys When setting up OpenClaw, you’re dealing with sensitive credentials: Discord Bot Tokens AI API Keys (Kimi, OpenAI, etc.) Service credentials The temptation: Just paste them into openclaw.json The risk: One accidental git commit, and your keys are public. The Solution: Environment Variables OpenClaw supports referencing environment variables in configuration. Your config file only contains placeholders, actual values live in environment variables. How It Works { "channels": { "discord": { "token": "${env:DISCORD_BOT_TOKEN}" } } } The ${env:VAR_NAME} syntax tells OpenClaw to read from environment variables at runtime. ...

前言 在使用 OpenClaw 的过程中，我们不可避免地会接触到各种 API 密钥：Discord Bot Token、Kimi API Key、GitHub PAT 等。这些密钥如果明文存储在配置文件中，存在严重的安全隐患。 ...