Security Bug: OpenClaw Rewrites keyRef to Plaintext API Keys After Restart

A concerning security issue has surfaced in OpenClaw: when using keyRef to securely reference API keys from environment variables or secret stores, the gateway may rewrite your config with the actual plaintext key after a restart. This defeats the entire purpose of secure credential management.

The Problem

OpenClaw supports keyRef as a way to reference secrets without hardcoding them in your config:

{
  "auth": {
    "openrouter": {
      "api_key": "sk-or-v1-abc123...your-actual-key"
    }
  }
}

This pattern lets you:

• Store secrets in environment variables
• Use secret management tools
• Keep your config files safe to commit to git
• Rotate keys without editing config

The bug: after certain restart scenarios, OpenClaw resolves the keyRef and writes the actual API key back to your config file in plaintext. Your secure reference becomes:

{
  "auth": {
    "openrouter": {
      "api_key": "sk-or-v1-abc123...your-actual-key"
    }
  }
}

Why This Matters

This isn't just an inconvenience—it's a security regression:

1. Accidental commits: If your config is in a git repo, you might commit your API key
2. Log exposure: Config dumps in logs now contain real credentials
3. Backup risks: Backups of your config directory now contain secrets
4. Shared configs: If you share config snippets for debugging, you might leak keys
5. Audit failure: Security audits expect secrets to be externalized

Workarounds Until Fixed

1. Use file-based secrets

Store your key in a separate file with restricted permissions:

echo "sk-or-v1-your-key" > ~/.secrets/openrouter-key
chmod 600 ~/.secrets/openrouter-key

Then reference it (though verify this path isn't affected by the same bug).

2. Environment variable injection

Set keys in your shell profile or systemd unit:

[Service]
Environment="OPENROUTER_API_KEY=sk-or-v1-your-key"

3. Monitor your config file

Set up a simple watcher to alert you if keys appear in plaintext:

# Add to cron or a monitoring script
if grep -q 'api_key.*sk-' ~/.openclaw/openclaw.json; then
  echo "WARNING: Plaintext API key detected in config!"
fi

4. Git hooks

Add a pre-commit hook to prevent accidentally committing keys:

#!/bin/bash
if git diff --cached --name-only | xargs grep -l 'api_key.*sk-' 2>/dev/null; then
  echo "ERROR: Commit contains potential API key"
  exit 1
fi

The Bigger Picture

This bug highlights a broader challenge in AI agent frameworks: they handle sensitive credentials for multiple providers (OpenAI, Anthropic, OpenRouter, etc.), and the config system needs to treat secret references as immutable.

A proper fix should:

• Never resolve keyRef when writing config
• Treat keyRef objects as opaque during serialization
• Add a config validation warning if plaintext keys are detected
• Support secret store integrations (HashiCorp Vault, 1Password CLI, etc.)

Track the Issue

Follow #29108 on GitHub for updates. If you've been affected, add your scenario to help maintainers understand the scope.

In the meantime, audit your config files and make sure your API keys haven't been exposed.