docs(secrets): clarify partial migration guidance
This commit is contained in:
joshavant
committed by
Peter Steinberger
Peter Steinberger
parent
7671c1dd10
commit
14897e8de7
@@ -78,9 +78,15 @@ Flags:
|
||||
Notes:
|
||||
|
||||
- `configure` targets secret-bearing fields in `openclaw.json`.
|
||||
- Include all secret-bearing fields you intend to migrate (for example both `models.providers.*.apiKey` and `skills.entries.*.apiKey`) so audit can reach a clean state.
|
||||
- It performs preflight resolution before apply.
|
||||
- Apply path is one-way for migrated plaintext values.
|
||||
|
||||
Exec provider safety note:
|
||||
|
||||
- Homebrew installs often expose symlinked binaries under `/opt/homebrew/bin/*`.
|
||||
- Set `allowSymlinkCommand: true` only when needed for trusted package-manager paths, and pair it with `trustedDirs` (for example `["/opt/homebrew"]`).
|
||||
|
||||
## Apply a saved plan
|
||||
|
||||
Apply or preflight a plan generated previously:
|
||||
@@ -105,3 +111,5 @@ openclaw secrets audit --check
|
||||
openclaw secrets configure
|
||||
openclaw secrets audit --check
|
||||
```
|
||||
|
||||
If `audit --check` still reports plaintext findings after a partial migration, verify you also migrated skill keys (`skills.entries.*.apiKey`) and any other reported target paths.
|
||||
|
||||
Reference in New Issue
Block a user