Enforce Token or Password Authentication
When token or password authentication is enabled, OpenClaw automatically generates a random token. However, OpenClaw stores the token in plaintext in the configuration file by default. To prevent token leakage, encrypted storage must be implemented and the credentials should be changed periodically. Please adopt an encryption solution to avoid storing sensitive data in plaintext (see Deploying an OpenClaw Instance).
Procedure
Set the authentication mode of the OpenClaw gateway.
openclaw config set gateway.auth.mode token
Parent topic: Automated Configuration Items