LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-04-26 07:57:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs(secrets): align provider model and add exec resolver coverage

Browse Source
This commit is contained in:
joshavant
2026-02-25 17:58:10 -06:00
committed by Peter Steinberger
parent 4e7a833a24
commit bde9cbb058
18 changed files with 321 additions and 135 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
docs/cli/secrets.md
View File

@@ -57,17 +57,7 @@ openclaw secrets migrate --write --no-scrub-env
- Scrub target is `<config-dir>/.env`.
- Only known secret env keys are considered.
- Entries are removed only when the value exactly matches a migrated plaintext secret.
- If `<config-dir>/.sops.yaml` or `<config-dir>/.sops.yml` exists, migrate passes it explicitly to `sops`, runs `sops` with `cwd=<config-dir>`, and sets `--filename-override` to the absolute target secrets path (for example `/home/user/.openclaw/secrets.enc.json`) so strict `creation_rules` continue to match when OpenClaw encrypts through a temp file.
Common migrate write failure:
- `config file not found, or has no creation rules, and no keys provided through command line options`
If you hit this:
- Add or fix `<config-dir>/.sops.yaml` / `.sops.yml` with valid `creation_rules`.
- Ensure key access is available in the command environment (for example `SOPS_AGE_KEY_FILE`).
- Re-run `openclaw secrets migrate --write`.
- Migration writes to the configured default `file` provider path when present; otherwise `<state-dir>/secrets.json`.
Rollback a previous migration: