secret-manager
This skill manages API keys with GNOME Keyring, updates auth-profiles.json, sources SECRETS_ENV_FILE, imports secrets into the systemd user environment, and restarts the OpenClaw Gateway. It reads/writes secrets via secret-tool and executes system commands (systemctl, distrobox enter) that modify local configs and user services.
Secret Manager
A secure way to manage API keys for OpenClaw using the system keyring (GNOME Keyring / libsecret).
This skill provides a secret-manager CLI that:
- Stores API keys securely using
secret-tool. - Injects them into your
auth-profiles.json. - Propagates them to
systemduser environment. - Restarts the OpenClaw Gateway service inside your Distrobox container.
Installation
Ensure you have the dependencies:
- Debian/Ubuntu:
sudo apt install libsecret-tools - Fedora:
sudo dnf install libsecret - Arch:
sudo pacman -S libsecret
Copy the script to your path or run it directly.
Configuration
The script uses default paths that work for most OpenClaw installations, but you can override them with environment variables:
| Variable | Description | Default |
|---|---|---|
OPENCLAW_CONTAINER | Name of the Distrobox container | clawdbot |
OPENCLAW_HOME | Path to OpenClaw config directory | ~/.openclaw |
SECRETS_ENV_FILE | Path to an optional .env file to source | ~/.config/openclaw/secrets.env |
Usage
List all configured keys:
secret-manager list
Set a key (interactive prompt):
secret-manager OPENAI_API_KEY
# (Paste key when prompted)
Set a key (direct):
secret-manager DISCORD_BOT_TOKEN "my-token-value"
Supported Keys:
OPENAI_API_KEYGEMINI_API_KEYDISCORD_BOT_TOKENGATEWAY_AUTH_TOKENOLLAMA_API_KEYGIPHY_API_KEYGOOGLE_PLACES_API_KEYLINKEDIN_LI_ATLINKEDIN_JSESSIONID