Security Hardening Walkthrough

Step-by-step production hardening for OpenClaw

This walkthrough turns the Security Hardening Checklist into a concrete sequence: you perform each step in order and end with a harder, production-style setup. Plan for about 25–35 minutes. The checklist remains the source of truth; this page is the “do this, then this” version.

What You'll Do

  • Enable gateway auth and bind safely
  • Set DM policy and allowlists
  • Optionally enable sandboxing for group/untrusted channels
  • Move secrets out of config and run a security audit
  • If using Docker: harden the container

Prerequisites

  • OpenClaw installed and running; see Getting Started
  • Config file location — Usually ~/.clawdbot/moltbot.json; see Configuration
  • Optional — Docker if you deploy with the official image

Step 1: Gateway Auth and Binding

Ensure the Gateway never runs without auth when it is reachable from the network.

  1. Open your config and find gateway.auth (or equivalent). Set gateway.auth.mode to "token" (or your chosen mode)—never "none" if the Gateway is exposed.
  2. Bind to 127.0.0.1 (or a private IP) so the Gateway isn’t directly reachable from the internet. Use a reverse proxy (Caddy, nginx) with TLS for public access.
  3. Treat the Control UI as local-only; don’t expose it publicly.

Reference: Hardening checklist — Gateway & Auth.

Step 2: DM Policy and Allowlists

Control who can message your assistant.

  1. Keep dmPolicy: "pairing" (default) so unknown users get a pairing code and you approve explicitly.
  2. Use allowFrom to restrict which users or channels can send messages. Avoid "*" unless you understand the risk.
  3. Only use dmPolicy: "open" if you have strong sandboxing and isolation (e.g. dedicated VM, restricted tools).

Reference: Hardening checklist — DM Policy & Allowlists.

Step 3: Sandboxing (Optional)

For group chats or untrusted channels, run agent tools in a sandbox so bash and tools run inside Docker instead of on the host.

  1. Set sandbox.mode: "non-main" for the sessions/channels you want sandboxed.
  2. Review tool policies and default allowlists so only intended tools run in the sandbox.
  3. For higher assurance, run OpenClaw on a dedicated machine or VM.

Reference: Hardening checklist — Sandboxing.
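
The settings from Steps 1 to 3 can be checked mechanically before you deploy. The script below is an added example, not OpenClaw's own code and not a substitute for its built-in audit. It assumes a key layout of gateway.auth.mode, gateway.bind, dmPolicy, allowFrom and sandbox.mode; adjust the paths to match the Configuration reference.

```python
import ipaddress
import json

# Constructed sample. The key layout (gateway.bind, top-level dmPolicy and
# allowFrom, sandbox.mode) is an assumption, not OpenClaw's documented schema.
SAMPLE = """{
  "gateway": {"auth": {"mode": "none"}, "bind": "0.0.0.0"},
  "dmPolicy": "open",
  "allowFrom": ["*"]
}"""

def get(cfg, dotted, default=None):
    """Walk a dotted path such as 'gateway.auth.mode' through nested dicts."""
    for key in dotted.split("."):
        if not isinstance(cfg, dict) or key not in cfg:
            return default
        cfg = cfg[key]
    return cfg

def is_non_public(addr):
    """True only for loopback or private IP literals (and 'localhost')."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return addr == "localhost"
    # 0.0.0.0 and :: mean "all interfaces"; ipaddress counts 0.0.0.0 as
    # private, so reject unspecified addresses explicitly.
    return not ip.is_unspecified and (ip.is_loopback or ip.is_private)

def audit(cfg):
    """Return (code, message) findings; the codes are labels made up here."""
    out = []
    if get(cfg, "gateway.auth.mode") in (None, "none"):
        out.append(("gateway.auth.none", "gateway.auth.mode is 'none' or unset"))
    if not is_non_public(str(get(cfg, "gateway.bind", ""))):
        out.append(("gateway.bind.public", "bind is unset or not loopback/private"))
    # "non-main" is the only sandbox mode this walkthrough names.
    sandboxed = get(cfg, "sandbox.mode") == "non-main"
    if get(cfg, "dmPolicy", "pairing") == "open" and not sandboxed:
        out.append(("dm.open.unsandboxed", "dmPolicy 'open' without sandbox"))
    if "*" in (get(cfg, "allowFrom") or []):
        out.append(("allowFrom.wildcard", "allowFrom contains '*'"))
    return out

def audit_json(text):
    """Parse a JSON config string and audit it."""
    return audit(json.loads(text))

if __name__ == "__main__":
    for code, msg in audit_json(SAMPLE):
        print(f"[{code}] {msg}")
```

An empty result only means these four settings look sane; it says nothing about tool policies, secrets or the container.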

Step 4: Secrets and API Keys

Keep API keys and secrets out of plaintext config.

  1. Use openclaw secrets or SecretRef for provider API keys and other secrets. See Secrets.
  2. Set spending limits on Anthropic, OpenAI, and other provider accounts.
  3. Prefer dedicated accounts (e.g. a separate Gmail or GitHub) for the agent instead of your personal ones.

Reference: Hardening checklist — Credentials & API Keys.

Step 5: Run Security Audit

Let OpenClaw check your setup for common issues.

Deep security audit
openclaw security audit --deep

Fix any reported issues. Use --fix for auto-fixable items (e.g. gateway.http.no_auth). Re-run after config changes.

Step 6: Docker Hardening (If Using Docker)

If you run OpenClaw in Docker:

  1. Use the official image and keep it updated.
  2. Run as non-root (default in the official image).
  3. Use --read-only and --cap-drop=ALL where possible. Example:
Hardened Docker run
docker run --read-only --cap-drop=ALL \
  -v openclaw-data:/app/data \
  openclaw/openclaw:latest

Reference: Hardening checklist — Docker; Docker deployment.

Related

  • Security guide — Overview and SHIELD
  • SHIELD framework
  • Security Hardening Checklist — Full checklist
  • Configuration — Config reference