Vaultwarden is a self hosted version of bitwarden. Instead of rotating tons of secrets or keeping them in plaintext on the system which an malicious script could scan down, they should be accessed via a password manager which has one quick revocation path if Clawd goes rogue.

Alternatively, some kind of password management could be built into Clawd but Vaultwarden also has a nice web ui that can be deployed with Authentik for SSO across all services Clawd deploys for you.