OpenClaw

1. Install the CLI

2. Create an agent-only config

Branch off your dev environment to create an isolated config so you control the agent's blast radius.

Branch configs are prefixed with the environment slug. dev_agent_openclaw lives under dev and inherits from its root unless you override.

3. Add only the secrets the agent needs

Scope it down so if the task needs one API key, add one API key. OpenClaw is a multi-provider gateway, so use the key for whichever provider you've configured.

Do not let the agent populate or modify its own secrets. A human decides what goes in this config; the token in the next step is read-only, so the agent can't write back.

4. Mint a scoped, read-only, expiring token

Bound to this one config, with an expiration so a leaked token dies on its own. Capture it into an environment variable so the next steps can reference it without pasting the raw value around.

Service tokens are read-only by default. The agent can fetch secrets, but never change them. This is the agent's identity.

5. Scope the CLI token to the working directory

Bind the agent's token to a single directory so the CLI only uses it there. Run this from the folder OpenClaw will work in.

The --scope . flag locks the token to the current directory. Any doppler command run inside that folder - the doppler run launch below, the Option B on-demand resolver calls, and anything OpenClaw itself invokes - resolves with this scoped agent token and never your personal CLI token.

Note: Run the agent in a sandbox scoped to that directory. And proceed with caution on production workloads: a non-deterministic agent with live credentials is real blast radius, so keep it pointed at dev/test configs unless you have a specific reason not to.

Option A

6. Run OpenClaw through Doppler

Option A: wrap it (standard pattern). Inject the config's secrets as environment variables for the whole session:

Option B

6. Run OpenClaw through Doppler

Option B: Native secret references (resolve on demand). OpenClaw's secret-reference exec provider resolves a credential by shelling out to a command. Point it at the Doppler CLI so secrets are fetched at the moment of use rather than held in the environment for the whole session:

6. Options A & B

Configure that as the resolver for the matching reference in OpenClaw, and the credential is pulled just-in-time, a tighter exposure window than env injection, useful for the most sensitive keys. Option A is the simplest. Option B gives you per-secret, just-in-time resolution. Either way, the token stays read-only and config-scoped.

7. Connect the Doppler MCP server

Steps 1-6 give OpenClaw the credentials it runs with. The MCP server lets OpenClaw see and operate Doppler itself: list projects, inspect a config, and understand the secret layout before depending on it.

Alternatively, authenticate once with npx @dopplerhq/mcp-server login (or register it via the CLI: openclaw mcp add doppler --command npx --arg -y --arg @dopplerhq/mcp-server --arg --read-only). Reload the gateway after changes (openclaw gateway restart).

Interested in more? Head back to the directory.

Pick Your Tool