> configuration & security
All configuration is one JSON5 file at ~/.openclaw/openclaw.json, edited by hand, through openclaw config set, or in the Control UI — validation is strict, so an unknown key blocks startup. This is also where the security posture lives: model auth and failover, DM access policy, and the gateway's bind and auth settings. The guiding assumption is that the gateway can run shell commands, so lock down who can reach it, who can DM it, and which tools it may use.
// configuration & security
7 commands$ openclaw config file$ openclaw models set anthropic/claude-sonnet-4-6$ openclaw models auth paste-api-key --provider anthropic$ echo "ANTHROPIC_API_KEY=sk-ant-your-key" >> ~/.openclaw/.env$ openclaw security audit --deep$ openclaw config set channels.whatsapp.dmPolicy allowlist$ openclaw doctor --generate-gateway-token// faq
Where is the config file and can I edit it directly?
~/.openclaw/openclaw.json, in JSON5 (comments and trailing commas allowed). Edit it directly and the gateway hot-applies most changes, or use openclaw config get/set/unset <path> for single keys and openclaw config validate to check the whole file. It must be a regular file, not a symlink; set OPENCLAW_CONFIG_PATH to keep it elsewhere.
How do I set my model and add fallbacks?
openclaw models set <provider>/<model> sets the primary (agents.defaults.model.primary), and openclaw models fallbacks add appends to the chain tried when it fails. Add credentials with openclaw models auth paste-api-key --provider <id> or openclaw models auth login. A fallback only helps if its provider is authed, so check openclaw models status.
Where should API keys and secrets go?
In env, not raw in config. OpenClaw reads ~/.openclaw/.env and ./.env, and config strings interpolate ${VAR} (uppercase only; escape with $${VAR}). Reference secrets as env-sourced token refs so a backup of openclaw.json does not leak them. Auth profiles are per-agent under ~/.openclaw/agents/<id>/agent/auth-profiles.json.
How do I keep the gateway from being exposed?
Keep gateway.bind on loopback (the default) and gateway.auth on — the gateway can execute shell commands, so an unauthenticated 0.0.0.0 bind is remote code execution. Generate a token with openclaw doctor --generate-gateway-token, set gateway.auth.mode to token, and only widen the bind to lan or tailnet with auth plus a firewall. Run openclaw security audit --deep to check.
What is the safest DM setting?
dmPolicy: pairing (the default) gates unknown senders behind a one-time code; allowlist restricts to listed senders. Avoid open, which needs an explicit "*" and hands your agent to anyone — if you must, pair it with per-channel-peer session scope and a restricted tool profile so a stranger cannot run exec. openclaw security audit --fix flips open group policies back to allowlists.