docs: refresh hosted shared-secret auth mirrors

docs/install/docker.md

@@ -62,8 +62,10 @@ Docker is **optional**. Use it only if you want a containerized gateway or to va
   </Step>
 
   <Step title="Open the Control UI">
-    Open `http://127.0.0.1:18789/` in your browser and paste the token into
-    Settings.
+    Open `http://127.0.0.1:18789/` in your browser and paste the configured
+    shared secret into Settings. The setup script writes a token to `.env` by
+    default; if you switch the container config to password auth, use that
+    password instead.
 
     Need the URL again?
 

docs/install/exe-dev.md

@@ -17,7 +17,7 @@ This page assumes exe.dev's default **exeuntu** image. If you picked a different
 1. [https://exe.new/openclaw](https://exe.new/openclaw)
 2. Fill in your auth key/token as needed
 3. Click on "Agent" next to your VM and wait for Shelley to finish provisioning
-4. Open `https://<vm-name>.exe.xyz/` and paste your gateway token to authenticate
+4. Open `https://<vm-name>.exe.xyz/` and authenticate with the configured shared secret (this guide uses a gateway token by default)
 5. Approve any pending device pairing requests with `openclaw devices approve <requestId>`
 
 ## What you need
@@ -110,9 +110,10 @@ and append-style `X-Forwarded-For` chains are treated as a hardening risk.
 ## 5) Access OpenClaw and grant privileges
 
 Access `https://<vm-name>.exe.xyz/` (see the Control UI output from onboarding). If it prompts for auth, paste the
-token from `gateway.auth.token` on the VM (retrieve with `openclaw config get gateway.auth.token`, or generate one
-with `openclaw doctor --generate-gateway-token`). Approve devices with `openclaw devices list` and
-`openclaw devices approve <requestId>`. When in doubt, use Shelley from your browser!
+configured shared secret from the VM. This guide uses token auth, so retrieve `gateway.auth.token`
+with `openclaw config get gateway.auth.token` (or generate one with `openclaw doctor --generate-gateway-token`).
+If you changed the gateway to password auth, use `gateway.auth.password` / `OPENCLAW_GATEWAY_PASSWORD` instead.
+Approve devices with `openclaw devices list` and `openclaw devices approve <requestId>`. When in doubt, use Shelley from your browser!
 
 ## Remote Access
 

docs/install/fly.md

@@ -229,7 +229,9 @@ read_when:
 
     Or visit `https://my-openclaw.fly.dev/`
 
-    Paste your gateway token (the one from `OPENCLAW_GATEWAY_TOKEN`) to authenticate.
+    Authenticate with the configured shared secret. This guide uses the gateway
+    token from `OPENCLAW_GATEWAY_TOKEN`; if you switched to password auth, use
+    that password instead.
 
     ### Logs
 

docs/install/northflank.mdx

@@ -18,7 +18,7 @@ This is the easiest "no terminal on the server" path: Northflank runs the Gatewa
 5. Click **Deploy stack** to build and run the OpenClaw template.
 6. Wait for the deployment to complete, then click **View resources**.
 7. Open the OpenClaw service.
-8. Open the public OpenClaw URL at `/openclaw` and connect using your `OPENCLAW_GATEWAY_TOKEN`.
+8. Open the public OpenClaw URL at `/openclaw` and connect using the configured shared secret. This template uses `OPENCLAW_GATEWAY_TOKEN` by default; if you replace it with password auth, use that password instead.
 
 ## What you get
 

docs/install/railway.mdx

@@ -15,7 +15,7 @@ This is the easiest "no terminal on the server" path: Railway runs the Gateway f
 2. Add a **Volume** mounted at `/data`.
 3. Set the required **Variables** (at least `OPENCLAW_GATEWAY_PORT` and `OPENCLAW_GATEWAY_TOKEN`).
 4. Enable **HTTP Proxy** on port `8080`.
-5. Open `https://<your-railway-domain>/openclaw` and connect using your `OPENCLAW_GATEWAY_TOKEN`.
+5. Open `https://<your-railway-domain>/openclaw` and connect using the configured shared secret. This template uses `OPENCLAW_GATEWAY_TOKEN` by default; if you replace it with password auth, use that password instead.
 
 ## One-click deploy
 

docs/install/render.mdx

@@ -78,7 +78,10 @@ resets on each deploy).
 
 The web dashboard is available at `https://<your-service>.onrender.com/`.
 
-Connect using the `OPENCLAW_GATEWAY_TOKEN` value that was auto-generated during deploy (find it in **Dashboard → your service → Environment**).
+Connect using the configured shared secret. This deploy template auto-generates
+`OPENCLAW_GATEWAY_TOKEN` (find it in **Dashboard → your service →
+Environment**); if you replace it with password auth, use that password
+instead.
 
 ## Render Dashboard features
 

docs/platforms/linux.md

@@ -19,7 +19,7 @@ Native Linux companion apps are planned. Contributions are welcome if you want t
 2. `npm i -g openclaw@latest`
 3. `openclaw onboard --install-daemon`
 4. From your laptop: `ssh -N -L 18789:127.0.0.1:18789 <user>@<host>`
-5. Open `http://127.0.0.1:18789/` and paste your token
+5. Open `http://127.0.0.1:18789/` and authenticate with the configured shared secret (token by default; password if you set `gateway.auth.mode: "password"`)
 
 Full Linux server guide: [Linux Server](/vps). Step-by-step VPS example: [exe.dev](/install/exe-dev)
 

docs/platforms/raspberry-pi.md

@@ -175,8 +175,9 @@ ssh -N -L 18789:127.0.0.1:18789 user@gateway-host
 
 Then open the printed Dashboard URL in your local browser.
 
-If the UI asks for auth, paste the token from `gateway.auth.token`
-(or `OPENCLAW_GATEWAY_TOKEN`) into Control UI settings.
+If the UI asks for shared-secret auth, paste the configured token or password
+into Control UI settings. For token auth, use `gateway.auth.token` (or
+`OPENCLAW_GATEWAY_TOKEN`).
 
 For always-on remote access, see [Tailscale](/gateway/tailscale).
 

docs/start/openclaw.md

@@ -66,7 +66,7 @@ openclaw gateway --port 18789
 
 Now message the assistant number from your allowlisted phone.
 
-When onboarding finishes, we auto-open the dashboard and print a clean (non-tokenized) link. If it prompts for auth, paste the token from `gateway.auth.token` into Control UI settings. To reopen later: `openclaw dashboard`.
+When onboarding finishes, we auto-open the dashboard and print a clean (non-tokenized) link. If it prompts for auth, paste the configured shared secret into Control UI settings. Onboarding uses a token by default (`gateway.auth.token`), but password auth works too if you switched `gateway.auth.mode` to `password`. To reopen later: `openclaw dashboard`.
 
 ## Give the agent a workspace (AGENTS)