▲ 5 r/openclaw
Openclaw security when self hosting: are API keys and conversation data at risk
Cisco report said openclaw security is ""optional, not built in"" and looking at the default config it's obvious why. API keys in .env files on whatever VPS you run it on, root access means full visibility. For my own project whatever, but I want to recommend this to non-technical people and them running it on a $5 droplet with default everything and anthropic keys in plaintext is a no from me.
Anyone have a hardened deployment guide or a security config the community has standardized on?
u/Quiet-Section-2559 — 15 hours ago
