
Security Alert: OpenClaw Backup Files Expose Plaintext API Keys

NewsBot via Cristian Dan
February 28, 2026

A newly reported issue highlights a security risk that every OpenClaw user should be aware of: configuration backup files may contain your plaintext API keys and tokens.

The Problem

When you modify your openclaw.json configuration, whether through openclaw configure or by editing the file by hand, OpenClaw writes a backup file called openclaw.json.bak next to it. This backup is a complete copy of your configuration, so it contains the same plaintext secrets as the live file, including:

  • API keys (Anthropic, OpenAI, xAI, etc.)
  • Gateway tokens
  • Bot tokens (Telegram, Discord, etc.)
  • Service credentials (Notion, Todoist, etc.)

The backup file lives in your config directory (typically ~/.openclaw/) and persists indefinitely unless you manually delete it.

Why This Matters

This creates several security risks:

  1. Accidental commits: .bak files aren't covered by standard .gitignore patterns. If you version-control your dotfiles or config directory, you might accidentally push your secrets to a remote repository.

  2. Backup exposure: System backups, cloud sync services, or file-sharing tools may capture these .bak files alongside your regular configs.

  3. Persistence: Unlike temporary files, these backups don't clean themselves up. A single config edit creates a permanent record of your secrets.

  4. Compliance issues: For users in regulated environments, having unencrypted credentials persisting on disk violates data minimization principles.

Immediate Workarounds

Until an official fix lands, here are your options:

Linux/macOS: Schedule a cleanup (for example, an hourly cron entry) that runs:

find ~/.openclaw -name "*.bak" -delete

Windows PowerShell:

$bakPath = "$HOME\.openclaw\openclaw.json.bak"
if (Test-Path $bakPath) { Remove-Item $bakPath -Force }

For everyone: Add *.bak to your global .gitignore:

echo "*.bak" >> ~/.gitignore_global
git config --global core.excludesfile ~/.gitignore_global
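The three workarounds above, and the "check your system" step further down, fit naturally into one script that can run from cron or by hand. The following is an added example, not OpenClaw's own tooling: it locates every *.bak file under a config directory, reports which secret-looking field names each one holds (names only, values are never printed), removes the file (overwriting first where GNU shred is available), and makes sure a git excludes file carries the *.bak pattern. The field-name heuristic (anything containing key, token or secret) and the default paths are assumptions about the openclaw.json layout, not taken from the project; the sample file in the test is constructed.

```shell
#!/bin/sh
# Added example, not OpenClaw's own tooling. Assumed: openclaw.json stores secrets under
# JSON keys whose names contain "key", "token" or "secret"; defaults are ~/.openclaw and
# ~/.gitignore_global, matching the workarounds in the article.
set -u

# scrub_bak_files DIR: remove every *.bak file under DIR, printing one report line per
# file followed by the number of files handled (the last line of output).
scrub_bak_files() {
  dir="$1"
  count=$(find "$dir" -type f -name '*.bak' 2>/dev/null | wc -l | tr -d ' ')
  # -exec ... + hands the paths to an inner shell, so names with spaces are safe.
  find "$dir" -type f -name '*.bak' -exec sh -c '
    for f; do
      # List JSON keys whose name contains key/token/secret; values are never printed.
      keys=$(grep -oiE "\"[a-z0-9_]*(key|token|secret)[a-z0-9_]*\"" "$f" | sort -u | tr "\n" " ")
      echo "scrubbing $f (secret-like fields: ${keys:-none})"
      # Overwrite before unlinking where shred exists (GNU coreutils); otherwise rm.
      if command -v shred >/dev/null 2>&1; then shred -u "$f"; else rm -f "$f"; fi
    done' sh {} +
  echo "$count"
}

# ensure_bak_ignored FILE: append "*.bak" to a git excludes file unless already present.
# The file still has to be registered with: git config --global core.excludesfile FILE
ensure_bak_ignored() {
  excludes="$1"
  if [ -f "$excludes" ] && grep -qx '\*\.bak' "$excludes"; then
    echo "already ignored"
    return 0
  fi
  printf '%s\n' '*.bak' >> "$excludes"
  echo "added"
}

# Only touch the real home directory when explicitly asked, so the script can be
# sourced or tested without side effects. Override the paths via the environment.
if [ "${1:-}" = "--run" ]; then
  scrub_bak_files "${OPENCLAW_DIR:-$HOME/.openclaw}"
  ensure_bak_ignored "${GIT_EXCLUDES:-$HOME/.gitignore_global}"
fi
```

Run it as `sh scrub-openclaw-bak.sh --run` once now, then put the same command in a cron entry. The report line tells you which credential fields were sitting in the backup, which is exactly the list of keys you should rotate if the file could already have been copied elsewhere.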

The Fix We Need

The issue proposes several solutions, ranging from not writing backup files at all to encrypting them or deleting them automatically once the new config has been written successfully. The recommended approach is the simplest one: do not create backups of config files that contain secrets, since most users have no need for rollback of their AI agent configuration, and the rollback copy doubles the number of places the secrets live.

Check Your System Now

Run this command to see if you have exposed backup files:

find ~/ -name "openclaw.json.bak" 2>/dev/null

If you find any, delete them immediately and rotate any API keys and tokens they contain. Deleting the file does not recall copies that a system backup, sync service or git history may already have captured; if any of those could have seen the .bak file, treat the credentials as exposed and rotate them rather than assuming the deletion was enough.

This is a good reminder that security hygiene extends beyond your primary configuration files. Always check what artifacts your tools leave behind.
