Open
Labels: bug (Something isn't working)
Description
Bug Report
Version: 2026.2.6-3 (upgraded from 2026.2.3-1)
Summary:
Running openclaw configure (and likely other config-writing commands) in version 2026.2.6-3 writes the security redaction placeholder __OPENCLAW_REDACTED__ to the actual openclaw.json file instead of preserving the real values. This destroys all API keys, tokens, and even numeric configuration values.
Steps to Reproduce
- Update OpenClaw to 2026.2.6-3
- Run openclaw configure
- Check ~/.openclaw/openclaw.json
Expected Behavior
Config file should retain all original API keys, tokens, and configuration values. Security redaction should only apply to:
- API responses (when querying config via gateway)
- Logs and output
- Never to the actual file on disk
Actual Behavior
All sensitive values are replaced with __OPENCLAW_REDACTED__ in the actual config file, including:
- channels.discord.token
- env.vars.BRAVE_API_KEY
- env.vars.DEEPSEEK_API_KEY
- models.providers.deepseek.apiKey
- gateway.auth.token
- tools.web.search.apiKey
- skills.entries.*.apiKey
- Even numeric values like models.providers.*.models[].maxTokens (should be 8192, etc.)
Impact
Critical - This bug will:
- Break Discord connectivity (token destroyed)
- Break all API-based models (DeepSeek, etc.)
- Break web search functionality
- Break all skills requiring API keys
- Corrupt numeric config values
- Require users to manually restore all credentials from backup
Workaround
- Restore openclaw.json from backup before running configure
- Avoid running openclaw configure, openclaw doctor --fix, or any command that writes config until fixed
- Consider rolling back to 2026.2.3-1
Additional Context
- Affected command: openclaw configure (timestamp: 2026-02-07T16:10:54Z)
- Wizard metadata in damaged file shows: "lastRunCommand": "configure", "lastRunVersion": "2026.2.6-3"
- The redaction mechanism appears to be incorrectly applied during config write operations
- User confirmed config file was valid before running configure, damaged after
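
The following is an added example, not OpenClaw's code and not part of the original report. It sketches how to list which paths in a parsed config hold the placeholder, plus a hypothetical write guard that puts the on-disk value back wherever the placeholder appears and refuses to write if it cannot. The function names and the sample config (with fake values) are assumptions made for illustration.

```javascript
// Added example, not OpenClaw code. The placeholder string is the one quoted in the report.
const PLACEHOLDER = "__OPENCLAW_REDACTED__";

// Walk a parsed config and return the path of every value that equals the placeholder.
function findRedactedPaths(node, path = "") {
  if (node === PLACEHOLDER) return [path];
  if (node === null || typeof node !== "object") return [];
  return Object.entries(node).flatMap(([key, value]) => {
    const child = Array.isArray(node) ? `${path}[${key}]` : path ? `${path}.${key}` : key;
    return findRedactedPaths(value, child);
  });
}

// Hypothetical write guard: `incoming` may have passed through a redacted view, so
// wherever it holds the placeholder, take the value from the config currently on disk.
// Throws instead of returning output if there is no original value to restore.
function restoreRedacted(incoming, onDisk, path = "") {
  if (incoming === PLACEHOLDER) {
    if (onDisk === undefined || onDisk === PLACEHOLDER) {
      throw new Error(`refusing to write placeholder at ${path}`);
    }
    return onDisk;
  }
  if (incoming === null || typeof incoming !== "object") return incoming;
  const out = Array.isArray(incoming) ? [] : {};
  for (const [key, value] of Object.entries(incoming)) {
    const prev = onDisk !== null && typeof onDisk === "object" ? onDisk[key] : undefined;
    // Path is only used in the error message; array indices appear as ".0", ".1", ...
    out[key] = restoreRedacted(value, prev, path ? `${path}.${key}` : key);
  }
  return out;
}

// Constructed sample data; tokens and keys are fake.
const sampleOnDisk = {
  channels: { discord: { token: "fake-discord-token" } },
  models: { providers: { deepseek: { apiKey: "fake-key", models: [{ maxTokens: 8192 }] } } },
};
const sampleDamaged = {
  channels: { discord: { token: PLACEHOLDER } },
  models: { providers: { deepseek: { apiKey: PLACEHOLDER, models: [{ maxTokens: PLACEHOLDER }] } } },
};

console.log(findRedactedPaths(sampleDamaged));
console.log(JSON.stringify(restoreRedacted(sampleDamaged, sampleOnDisk)));
```

Running findRedactedPaths over a parsed copy of ~/.openclaw/openclaw.json shows which credentials and numeric values need to be restored from backup.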