{"skill":{"slug":"secret-portal","displayName":"Secret Portal","summary":"Spin up a one-time web UI for securely entering secret keys and env vars. Supports guided instructions, single-key mode, and cloudflared tunneling.","description":"---\nname: secret-portal\ndescription: Spin up a one-time web UI for securely entering secret keys and env vars. Supports guided instructions, single-key mode, and cloudflared tunneling.\nmetadata:\n  {\n    \"openclaw\":\n      {\n        \"emoji\": \"🔐\",\n        \"requires\": { \"bins\": [\"uv\"] },\n        \"install\":\n          [\n            {\n              \"id\": \"uv-brew\",\n              \"kind\": \"brew\",\n              \"formula\": \"uv\",\n              \"bins\": [\"uv\"],\n              \"label\": \"Install uv (brew)\",\n            },\n          ],\n      },\n  }\n---\n\n# Secret Portal\n\nSpin up a temporary, one-time-use web UI for securely entering secret keys and environment variables. No secrets ever touch chat history or terminal logs.\n\n## Quick Start\n\n```bash\n# Single key with cloudflared tunnel (recommended)\nuv run --with secret-portal secret-portal \\\n  -k API_KEY_NAME \\\n  -f ~/.secrets/target-env-file \\\n  --tunnel cloudflared\n\n# With guided instructions and a link to the key's console\nuv run --with secret-portal secret-portal \\\n  -k OPENAI_API_KEY \\\n  -f ~/.env \\\n  -i '<strong>Get your key:</strong><ol><li>Go to platform.openai.com</li><li>Click API Keys</li><li>Create new key</li></ol>' \\\n  -l \"https://platform.openai.com/api-keys\" \\\n  --link-text \"Open OpenAI dashboard →\" \\\n  --tunnel cloudflared\n\n# Multi-key mode (no -k flag, user enters key names and values)\nuv run --with secret-portal secret-portal \\\n  -f ~/.secrets/keys.env \\\n  --tunnel cloudflared\n```\n\n## Options\n\n| Flag | Description |\n|------|-------------|\n| `-k, --key` | Pre-populate a single key name (user only enters the value) |\n| `-f, --env-file` | Path to save secrets to (default: `~/.env`) |\n| `-i, --instructions` | HTML instructions shown above the input field |\n| `-l, --link` | URL button for where to get/create the key |\n| `--link-text` | Label for the link button (default: \"Open console →\") |\n| `--tunnel` | `cloudflared` (recommended), `ngrok`, or `none` |\n| `-p, --port` | Port to bind to (default: random) |\n| `--timeout` | Seconds before auto-shutdown (default: 300) |\n\n## Tunneling\n\n**Use `--tunnel cloudflared`** — it's free, requires no account, has no interstitial pages, provides HTTPS, and auto-downloads the binary if missing.\n\nngrok free tier shows an interstitial warning page that blocks mobile and automated use.\n\nWithout a tunnel, the port must be open in your firewall/security group. The CLI will warn you if it detects the port is unreachable.\n\n## Security\n\n- One-time use: portal expires after a single submission\n- Token auth: URL contains a random 32-byte token\n- Secret values are **never** printed to stdout/stderr (enforced by tests)\n- Env file is written with `600` permissions (owner-only)\n- Secrets never touch chat history or terminal logs\n\n## Source\n\nhttps://github.com/Olafs-World/secret-portal\n","tags":{"latest":"0.1.0"},"stats":{"comments":0,"downloads":1396,"installsAllTime":3,"installsCurrent":3,"stars":0,"versions":1},"createdAt":1770691949594,"updatedAt":1779076804327},"latestVersion":{"version":"0.1.0","createdAt":1770691949594,"changelog":"Initial release","license":null},"metadata":{"setup":[],"os":null,"systems":null},"owner":{"handle":"awlevin","userId":"s1718qg1ad2pdk2ghq4eqvz44d885ayk","displayName":"Aaron Levin","image":"https://avatars.githubusercontent.com/u/8488209?v=4"},"moderation":null}