secret-manager
Manage API keys securely via GNOME Keyring and inject them into OpenClaw config.
Setup & Installation
Install command
clawhub install jswortz/secret-managerIf the CLI is not installed:
Install command
npx clawhub@latest install jswortz/secret-managerOr install with OpenClaw CLI:
Install command
openclaw skills install jswortz/secret-manageror paste the repo link into your assistant's chat
Install command
https://github.com/openclaw/skills/tree/main/skills/jswortz/secret-managerWhat This Skill Does
CLI tool that stores API keys in GNOME Keyring via libsecret and syncs them to OpenClaw config files and the systemd user environment. Supports keys for OpenAI, Gemini, Discord, GIPHY, Google Places, LinkedIn, and Ollama. Restarts the OpenClaw Gateway inside a Distrobox container after updates.
Keeps credentials in the OS keyring rather than plaintext config files, reducing the risk of accidental exposure via dotfiles or version control.
When to Use It
- Storing an OpenAI API key without hardcoding it in config files
- Rotating a Discord bot token across all OpenClaw services at once
- Listing all currently configured API keys from the command line
- Setting up a fresh OpenClaw installation with all required credentials
- Propagating a new Gemini API key to the running gateway without manual restarts
View original SKILL.md file
# Secret Manager A secure way to manage API keys for OpenClaw using the system keyring (GNOME Keyring / libsecret). This skill provides a `secret-manager` CLI that: 1. Stores API keys securely using `secret-tool`. 2. Injects them into your `auth-profiles.json`. 3. Propagates them to `systemd` user environment. 4. Restarts the OpenClaw Gateway service inside your Distrobox container. ## Installation Ensure you have the dependencies: - **Debian/Ubuntu:** `sudo apt install libsecret-tools` - **Fedora:** `sudo dnf install libsecret` - **Arch:** `sudo pacman -S libsecret` Copy the script to your path or run it directly. ## Configuration The script uses default paths that work for most OpenClaw installations, but you can override them with environment variables: | Variable | Description | Default | | :--- | :--- | :--- | | `OPENCLAW_CONTAINER` | Name of the Distrobox container | `clawdbot` | | `OPENCLAW_HOME` | Path to OpenClaw config directory | `~/.openclaw` | | `SECRETS_ENV_FILE` | Path to an optional .env file to source | `~/.config/openclaw/secrets.env` | ## Usage **List all configured keys:** ```bash secret-manager list ``` **Set a key (interactive prompt):** ```bash secret-manager OPENAI_API_KEY # (Paste key when prompted) ``` **Set a key (direct):** ```bash secret-manager DISCORD_BOT_TOKEN "my-token-value" ``` **Supported Keys:** - `OPENAI_API_KEY` - `GEMINI_API_KEY` - `DISCORD_BOT_TOKEN` - `GATEWAY_AUTH_TOKEN` - `OLLAMA_API_KEY` - `GIPHY_API_KEY` - `GOOGLE_PLACES_API_KEY` - `LINKEDIN_LI_AT` - `LINKEDIN_JSESSIONID`
Example Workflow
Here's how your AI assistant might use this skill in practice.
User asks: Storing an OpenAI API key without hardcoding it in config files
- 1Storing an OpenAI API key without hardcoding it in config files
- 2Rotating a Discord bot token across all OpenClaw services at once
- 3Listing all currently configured API keys from the command line
- 4Setting up a fresh OpenClaw installation with all required credentials
- 5Propagating a new Gemini API key to the running gateway without manual restarts
Manage API keys securely via GNOME Keyring and inject them into OpenClaw config.
Security Audits
These signals reflect official OpenClaw status values. A Suspicious status means the skill should be used with extra caution.