Install
openclaw skills install @jlacroix82/secrets-managerSecure secrets store for OpenClaw agents. Store, retrieve, rotate, and audit secrets with encrypted storage. Inject secrets into commands safely. Zero external dependencies.
openclaw skills install @jlacroix82/secrets-managerStop hardcoding secrets. Start managing them securely.
API keys, tokens, passwords — they end up in shell history, logs, or committed to git. No local secrets store means every agent session is a potential leak.
Secrets Manager fixes this with encrypted local storage and zero dependencies.
node skills/secrets-manager/secrets-manager.js --store openai-key sk-abc123
node skills/secrets-manager/secrets-manager.js --get openai-key
# Output: [secrets-manager] openai-key: sk-a****23
node skills/secrets-manager/secrets-manager.js --get --raw openai-key
# Output: sk-abc123
node skills/secrets-manager/secrets-manager.js --list
node skills/secrets-manager/secrets-manager.js --delete old-key
node skills/secrets-manager/secrets-manager.js --rotate openai-key
# Generates a new random value, archives old as retired
node skills/secrets-manager/secrets-manager.js --rotate --all
# Batch-rotate every stored secret
# All findings
node skills/secrets-manager/secrets-manager.js --audit
# Only expired
node skills/secrets-manager/secrets-manager.js --audit --expired
# Only expiring soon
node skills/secrets-manager/secrets-manager.js --audit --stale
node skills/secrets-manager/secrets-manager.js --inject "curl -H 'Authorization: Bearer {{openai-key}}' https://api.openai.com/v1/chat"
Replaces {{secret_name}} placeholders with actual values.
node skills/secrets-manager/secrets-manager.js --audit
Checks for expired rotation, weak patterns, and short secrets.
node skills/secrets-manager/secrets-manager.js --status
memory/secrets/secrets.json{{secret_name}} placeholders replaced before executionSecrets stored in: memory/secrets/secrets.json
Override storage location:
--dir /path/to/secrets
When handling secrets:
--store first, then --get --raw--get (not --get --raw) for display--audit during heartbeats--inject for commands that need secrets| Approach | Security | Setup | Audit | Rotation |
|---|---|---|---|---|
| Environment vars | Medium | Medium | None | Manual |
| .env files | Low | Low | None | Manual |
| Secrets Manager | Good | None | Auto | Auto |
| Vault service | High | High | Auto | Auto |
Secrets Manager gives you encrypted storage + rotation + auditing with zero external dependencies.
{{placeholder}} syntax for command integration