Skip to main content
This page defines the strict contract enforced by openclaw secrets apply. If a target does not match these rules, apply fails before mutating any file.

Plan file shape

openclaw secrets apply --from <plan.json> expects a targets array of plan targets:
openclaw secrets configure generates plans in this shape. You can also hand-write or edit one.

Provider upserts and deletes

Plans may also include two optional top-level fields that mutate the secrets.providers map alongside the per-target writes:
  • providerUpserts — an object keyed by provider alias. Each value is a provider definition (the same shape accepted under secrets.providers.<alias> in openclaw.json, e.g. an exec or file provider).
  • providerDeletes — an array of provider aliases to remove.
providerUpserts runs before targets, so a target.ref.provider may reference a provider alias that the same plan introduces in providerUpserts. Without this ordering, plans that reference an alias not yet configured in openclaw.json fail with provider "<alias>" is not configured.
Exec providers introduced via providerUpserts are still subject to the exec consent rules in Exec provider consent behavior: plans containing exec providers require --allow-exec in write mode.

Supported target scope

Plan targets are accepted for supported credential paths in SecretRef Credential Surface.

Target type behavior

target.type must be a recognized target type, and the normalized target.path must match that type’s registered path shape. Some target types accept a compatibility alias as target.type for existing plans, in addition to their canonical type name:
Canonical typeAccepted alias
models.providers.apiKeymodels.providers.*.apiKey
skills.entries.apiKeyskills.entries.*.apiKey
channels.googlechat.serviceAccountchannels.googlechat.accounts.*.serviceAccount

Path validation rules

Each target is validated with all of the following:
  • type must be a recognized target type.
  • path must be a non-empty dot path.
  • pathSegments can be omitted. If provided, it must normalize to exactly the same path as path.
  • Forbidden segments are rejected: __proto__, prototype, constructor.
  • The normalized path must match the registered path shape for the target type.
  • If providerId or accountId is set, it must match the id encoded in the path.
  • auth-profiles.json targets require agentId.
  • When creating a new auth-profiles.json mapping, include authProfileProvider.

Failure behavior

If a target fails validation, apply exits with an error like:
No writes are committed for an invalid plan: target resolution and path validation run before any file is touched. Separately, once a valid plan starts writing, apply snapshots every touched file first and restores those snapshots if a later write in the same run fails, so a partial write never leaves config, auth-profile, or env state out of sync.
  • --dry-run skips exec SecretRef checks by default.
  • Plans containing exec SecretRefs/providers are rejected in write mode unless --allow-exec is set.
  • When validating/applying exec-containing plans, pass --allow-exec in both dry-run and write commands.

Runtime and audit scope notes

  • Ref-only auth-profiles.json entries (keyRef/tokenRef) are included in runtime credential resolution and audit coverage.
  • secrets apply writes supported openclaw.json targets, supported auth-profiles.json targets, and three optional scrub passes, each on by default: scrubEnv (removes migrated plaintext values from .env), scrubAuthProfilesForProviderTargets (clears plaintext/unused-ref residue in auth-profiles.json for providers a plan just migrated), and scrubLegacyAuthJson (drops migrated api_key entries from legacy auth.json stores). Set any of options.scrubEnv, options.scrubAuthProfilesForProviderTargets, options.scrubLegacyAuthJson to false in the plan to skip that pass.

Operator checks

If apply fails with an invalid target path message, regenerate the plan with openclaw secrets configure or fix the target path to a supported shape above.