secret-manager
// Manage API keys securely via GNOME Keyring and inject them into OpenClaw config.
$ git log --oneline --stat
stars:1,933
forks:367
updated:March 4, 2026
SKILL.mdreadonly
SKILL.md Frontmatter
namesecret-manager
descriptionManage API keys securely via GNOME Keyring and inject them into OpenClaw config.
homepagehttps://github.com/openclaw/skills
metadata[object Object]
Secret Manager
A secure way to manage API keys for OpenClaw using the system keyring (GNOME Keyring / libsecret).
This skill provides a secret-manager CLI that:
- Stores API keys securely using
secret-tool. - Injects them into your
auth-profiles.json. - Propagates them to
systemduser environment. - Restarts the OpenClaw Gateway service inside your Distrobox container.
Installation
Ensure you have the dependencies:
- Debian/Ubuntu:
sudo apt install libsecret-tools - Fedora:
sudo dnf install libsecret - Arch:
sudo pacman -S libsecret
Copy the script to your path or run it directly.
Configuration
The script uses default paths that work for most OpenClaw installations, but you can override them with environment variables:
| Variable | Description | Default |
|---|---|---|
OPENCLAW_CONTAINER | Name of the Distrobox container | clawdbot |
OPENCLAW_HOME | Path to OpenClaw config directory | ~/.openclaw |
SECRETS_ENV_FILE | Path to an optional .env file to source | ~/.config/openclaw/secrets.env |
Usage
List all configured keys:
secret-manager list
Set a key (interactive prompt):
secret-manager OPENAI_API_KEY
# (Paste key when prompted)
Set a key (direct):
secret-manager DISCORD_BOT_TOKEN "my-token-value"
Supported Keys:
OPENAI_API_KEYGEMINI_API_KEYDISCORD_BOT_TOKENGATEWAY_AUTH_TOKENOLLAMA_API_KEYGIPHY_API_KEYGOOGLE_PLACES_API_KEYLINKEDIN_LI_ATLINKEDIN_JSESSIONID