Skip to content

Stop passing secrets as plaintext Docker env vars #18

Open
Open
Stop passing secrets as plaintext Docker env vars#18
Assignees
michaelzwang13
Labels
bugSomething isn't working
@michaelzwang13

Description

@michaelzwang13
michaelzwang13
opened on May 22, 2026

orchestrator.create_agent() injects LLM_API_KEY, MOONSHOT_API_KEY, OPENCLAW_GATEWAY_TOKEN, and others as container environment variables — visible via docker inspect and in crash logs.

Scope

  • The AWS CDK work (AWS deployment via CDK #11) addresses production via Secrets Manager, but local containers stay exposed.
  • Mount secrets as files / use Docker secrets, or scope down what each container receives.

Lower priority (local-only exposure) but a real one.

Metadata

Metadata

Assignees

Labels

bugSomething isn't working

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions