Running AI agents in production means handling sensitive data, external API calls, and complex permission chains. Without proper safeguards, you're one misconfiguration away from a data leak or compromise. This guide covers essential security practices for any OpenClaw deployment.

Securing Your API Keys

API keys are the primary authentication mechanism for your AI providers. Treat them like passwords—because they effectively are.

Use Environment Variables, Not Hardcoded Keys

Never embed API keys directly in configuration files or code:

# ✅ Good: Reference environment variable
export ANTHROPIC_API_KEY="sk-ant-..."

# ❌ Bad: Hardcoded key in config file
"api_key": "sk-ant-..."

Store keys in environment variables and load them at runtime. For production deployments, use a secrets manager like HashiCorp Vault, AWS Secrets Manager, or your platform's native secrets management.

Rotate Keys Regularly

Set a calendar reminder to rotate API keys every 90 days. If a key is ever exposed—accidentally committed to a repo, logged in debug output, or shared over Slack—rotate it immediately and revoke the old key.

Use Scoped Keys Where Possible

Providers like OpenAI support scoped keys with limited permissions. Use the minimum permissions required for your use case. If your agent only reads from an API, don't give it write permissions.

Sandboxing Agent Executions

AI agents execute code, make API calls, and modify files. Sandboxing limits the blast radius when something goes wrong.

File System Access Controls

Configure OpenClaw to operate within a confined directory tree:

{
  "sandbox": {
    "allowed_paths": ["/home/user/openclaw-workspace"],
    "read_only_paths": ["/home/user/shared-templates"],
    "blocked_paths": ["/etc", "/var/log", "/home/user/.ssh"]
  }
}

Agents can only read and write within the allowed paths. Critical system directories are protected from accidental or malicious modification.

Network Restrictions

Limit which domains your agents can access:

{
  "network": {
    "allowed_domains": ["api.anthropic.com", "api.openai.com", "your-internal-api.com"],
    "blocked_domains": ["*.internal.corp", "localhost"]
  }
}

This prevents agents from calling internal services they shouldn't reach or exfiltrating data to unexpected destinations.

Execution Timeouts

Set maximum execution times to prevent runaway processes:

{
  "execution": {
    "max_duration_seconds": 300,
    "max_tool_calls": 50
  }
}

Access Controls and Permissions

Role-Based Access

If you're running a team deployment, define clear roles:

RoleCapabilitiesAdminFull configuration, key management, all agentsOperatorCreate/edit agents, run workflows, no key accessViewerRead-only access to agent logs and outputsGuestLimited to specific sandboxes, no system access

Authentication and Session Management

Require authentication for all OpenClaw access. Implement session timeouts—automatically log out inactive sessions after 30 minutes of inactivity. For sensitive deployments, enable MFA.

Principle of Least Privilege

Every agent, user, and integration should have only the permissions it needs to function. Review permissions quarterly and remove anything unused.

Audit Logging

You can't secure what you can't see. Comprehensive logging is non-negotiable for production deployments.

What to Log

Capture every significant action:

  • Authentication events — Login attempts, token refreshes, failures
  • Agent executions — Task start/end, model used, duration
  • Tool invocations — Files accessed, API calls made, commands executed
  • Configuration changes — Who changed what, when, previous value
  • Data transfers — Large file reads, data exports, external uploads

Log Format and Storage

Structure logs for easy querying:

{
  "timestamp": "2024-11-15T14:32:01Z",
  "level": "INFO",
  "event": "agent.tool.invoked",
  "agent_id": "agent-123",
  "tool": "file.write",
  "path": "/workspace/output/report.txt",
  "user": "[email protected]",
  "ip": "192.168.1.50"
}

Store logs in a centralized system (Elasticsearch, Splunk, or a cloud-native option) with appropriate retention policies—minimum 90 days for security-relevant events.

Alerting on Anomalies

Set up alerts for suspicious patterns:

  • Failed login attempts exceeding 5 in 10 minutes
  • Agent making network calls to never-seen-before domains
  • Unusually high API usage from a single agent
  • Configuration changes outside business hours

Common Vulnerabilities and How to Patch Them

Injection Attacks

Like SQL injection, but for AI prompts. Attackers can manipulate agent behavior through malicious input:

Prevention:

  • Sanitize all external input before passing to agents
  • Use output validation to catch unexpected behaviors
  • Implement prompt injection detection (many providers offer this)
  • Log and review unusual agent responses

Data Exposure Through Logs

Debug logging can inadvertently capture sensitive data:

Prevention:

  • Never log full API request/response bodies
  • Redact PII, keys, and tokens from all logs
  • Use structured logging that enforces field-level access controls
  • Test log output manually before deployment

Over-Trusting Agent-Generated Actions

Agents can confidently take destructive actions based on misunderstood prompts:

Prevention:

  • Require confirmation for destructive operations (file deletion, API writes)
  • Implement a human-in-the-loop checkpoint for high-risk actions
  • Use dry-run modes where agents describe actions without executing them

Credential Sharing

Teams sometimes share API keys to avoid managing multiple accounts:

Prevention:

  • Enforce individual credentials per user
  • Use service accounts with limited scope for automated workflows
  • Implement key binding to specific IP ranges when supported

Security Checklist for Production

Before deploying any OpenClaw instance:

  •  API keys stored in environment variables or secrets manager
  •  Keys rotated within last 90 days
  •  File system sandboxing configured
  •  Network restrictions in place
  •  Execution timeouts set
  •  Role-based access control implemented
  •  Session timeouts enabled
  •  Comprehensive audit logging configured
  •  Alerts set for anomalous activity
  •  All inputs sanitized before agent processing
  •  Destructive actions require confirmation
  •  Security team has reviewed configuration

Ready to secure your OpenClaw deployment?

Master multi-model workflows in the OpenClaw Quick Start Course →

Get model recommendations and community tips at Claw Crew →