TL;DR:
Passwd integrates with OpenClaw as an exec secrets provider. Credentials are resolved at gateway startup via SecretRef and never enter the agent context. The skill file gives your agent conversational vault access with redacted values. Setup: authenticate, add the provider to gateway.config.json5, add the skill, restart.
OpenClaw 2026.3.2 introduced full SecretRef coverage across dozens of credential surfaces. The Agent-Blind Credential Architecture RFC established a principle that is now spreading across the ecosystem: the agent can know that credentials exist, but it never sees their actual values.
Passwd integrates with OpenClaw as an exec secrets provider. Credentials are resolved by the gateway at startup and stored in memory, never entering the agent context. For teams that manage shared credentials with permissions, audit logs, and TOTP generation, this provides a secure way to integrate a password manager into agent workflows.
How agent-blind credentials work
OpenClaw’s SecretRef system resolves secrets into an in-memory snapshot when the gateway starts or reloads.
Instead of using raw credentials, the system references them using objects like:
{ source: "exec", provider: "passwd", id: "abc123:password" }
When the gateway needs the actual credential (for example to authenticate with an external API), it resolves the reference from the snapshot.
Passwd implements this through the passwd-agent-cli exec provider.
When the gateway starts:
- it sends a JSON request containing secret IDs to the CLI
- the CLI resolves the secrets from the vault
- the values are returned on stdout
- the gateway stores them in its internal snapshot
The AI agent never receives the credential values.
For conversational access to vault data, OpenClaw uses a skill that calls the agent CLI in safe read mode. Credential values are replaced with •••••••• so the agent can browse and identify credentials without exposing sensitive data.
Setup
1. Authenticate with your Passwd deployment
Run the login command and set your deployment URL.
PASSWD_ORIGIN=https://your-deployment.passwd.team npx -y @passwd/passwd-agent-cli@1.3.1 login
Tokens are stored in your system keychain. The OpenClaw agent will use this identity when accessing the vault.
The agent will only see credentials that are shared with this account.
2. Add the secrets provider to gateway.config.json5
Edit your OpenClaw gateway configuration and add the Passwd provider.
{
  secrets: {
    providers: {
      passwd: {
        source: "exec",
        command: "/usr/local/bin/npx",
        args: ["-y", "@passwd/passwd-agent-cli@1.3.1", "resolve"],
        passEnv: ["PASSWD_ORIGIN", "HOME"],
        allowSymlinkCommand: true,
        trustedDirs: ["/usr/local", "/opt/homebrew"]
      }
    }
  }
}
This tells the gateway to resolve credential references using the Passwd agent CLI.
3. Reference secrets in model providers
Secrets are referenced using SecretRef objects.
The id format is:
SECRET_ID:field
If the field is omitted, password is used by default.
Example configuration:
{
  models: {
    providers: {
      openai: {
        baseUrl: "https://api.openai.com/v1",
        models: [{ id: "gpt-4o", name: "gpt-4o" }],
        apiKey: { source: "exec", provider: "passwd", id: "abc123:password" }
      }
    }
  }
}
Store your API keys as secrets in Passwd, then reference them by ID.
To list available secrets:
npx @passwd/passwd-agent-cli@1.3.1 list
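The startup flow described earlier (gateway sends a JSON request with secret IDs, the CLI answers on stdout, the gateway keeps the values in an in-memory snapshot) and the SECRET_ID:field id format can be modelled end to end. The following is an added example written for this article, not code from the Passwd CLI or the OpenClaw gateway: the request/response JSON shape (`{ ids: [...] }` in, `{ values, errors }` out), the vault records and the `leaksSnapshotValue` guard are constructed assumptions for illustration.

```javascript
// Added example, not code from the Passwd or OpenClaw projects.
// Models the exec-provider round trip: the gateway collects SecretRefs from
// its config, sends one JSON request to the provider command, receives the
// resolved values, and keeps them in an in-memory snapshot the agent never
// reads. The request/response JSON shape is an assumption made here.

// Constructed vault standing in for a Passwd deployment; ids and values are made up.
const VAULT = {
  abc123: { name: 'OpenAI API', type: 'api_key', password: 'sk-constructed-example' },
  def456: { name: 'Staging DB', type: 'database', username: 'app', password: 'pg-constructed-example' },
};

// Parse a SecretRef id: "SECRET_ID:field"; a missing field means "password".
function parseSecretId(id) {
  const sep = id.indexOf(':');
  if (sep === -1) return { secretId: id, field: 'password' };
  const field = id.slice(sep + 1);
  return { secretId: id.slice(0, sep), field: field === '' ? 'password' : field };
}

// Walk a config object and collect every { source: "exec", provider: "passwd", id } in it.
function collectSecretRefs(node, out = []) {
  if (node && typeof node === 'object') {
    if (node.source === 'exec' && node.provider === 'passwd' && typeof node.id === 'string') {
      out.push(node.id);
    } else {
      for (const v of Object.values(node)) collectSecretRefs(v, out);
    }
  }
  return out;
}

// Provider side (the "resolve" subcommand): read the request JSON, answer with values.
// Assumed shape: { ids: [...] } in, { values: { id: value }, errors: { id: reason } } out.
function handleResolveRequest(requestJson, vault = VAULT) {
  const { ids } = JSON.parse(requestJson);
  const values = {};
  const errors = {};
  for (const id of ids) {
    const { secretId, field } = parseSecretId(id);
    const record = vault[secretId];
    if (!record || !(field in record)) {
      errors[id] = 'not found or not shared with this account';
      continue;
    }
    values[id] = record[field];
  }
  return JSON.stringify({ values, errors });
}

// Gateway side: build the in-memory snapshot at startup from the config's SecretRefs.
function buildSnapshot(config, runProvider = handleResolveRequest) {
  const ids = [...new Set(collectSecretRefs(config))];
  const response = JSON.parse(runProvider(JSON.stringify({ ids })));
  return new Map(Object.entries(response.values));
}

// Resolve one SecretRef from the snapshot when the gateway itself needs the value.
function resolveRef(snapshot, ref) {
  if (!snapshot.has(ref.id)) throw new Error(`unresolved secret ${ref.id}`);
  return snapshot.get(ref.id);
}

// Defender's check: does a piece of text about to reach the agent contain any resolved value?
function leaksSnapshotValue(text, snapshot) {
  for (const value of snapshot.values()) {
    if (value && text.includes(value)) return true;
  }
  return false;
}

// Constructed gateway config: refs only, with and without an explicit field.
const config = {
  models: { providers: { openai: { apiKey: { source: 'exec', provider: 'passwd', id: 'abc123:password' } } } },
  integrations: {
    db: {
      user: { source: 'exec', provider: 'passwd', id: 'def456:username' },
      pass: { source: 'exec', provider: 'passwd', id: 'def456' },
    },
  },
};

const snapshot = buildSnapshot(config);
console.log(resolveRef(snapshot, config.models.providers.openai.apiKey)); // gateway-only path
console.log(leaksSnapshotValue(JSON.stringify(config), snapshot));        // the agent sees refs, not values
```

The serialized config, which is what an agent would be shown, contains only the refs; the snapshot lives in a separate Map and is consulted only through `resolveRef`. The `leaksSnapshotValue` guard is the kind of check a gateway can run on any text it hands to the agent.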
4. Add the OpenClaw skill
Create the skill file:
~/.openclaw/workspace/skills/passwd/SKILL.md
Then add the following configuration.
---
name: passwd
description: "Browse team credentials and generate TOTP codes."
metadata:
  {
    "openclaw":
      {
        "emoji": "🔑",
        "requires": { "env": ["PASSWD_ORIGIN"], "bins": ["npx"] }
      }
  }
---
# passwd
Browse credentials and generate TOTP codes from your team's passwd.team vault. Always use `--json` for structured output.
CMD: `npx -y @passwd/passwd-agent-cli@1.3.1`
## Commands
Search: CMD list -q "search term" --json
Info: CMD get SECRET_ID --json
TOTP code: CMD totp SECRET_ID
Whoami: CMD whoami --json
Envs: CMD envs --json
## Multi-environment
Use `--env NAME` with any command to target a specific Passwd deployment.
CMD list -q "search" --json --env acme
CMD envs --json
## Display rules
Never use tables or code blocks
Bold label, backtick value format
End credential output with 🔐
One field per line
Skip empty fields
Lists should contain only name and type
TOTP responses show code and remaining seconds
5. Restart the gateway
Restart the OpenClaw gateway so the new provider and skill are discovered.
After restart, the agent can browse credentials, generate TOTP codes, and configure integrations using SecretRefs.
For multiple Passwd deployments, log in to each origin separately.
PASSWD_ORIGIN=https://example.passwd.team npx @passwd/passwd-agent-cli@1.3.1 login
The agent can then switch environments using the --env flag.
Example workflows
Browse credentials
You can ask the agent:
“What credentials do we have for staging?”
The agent searches the vault using the skill and returns matching entries. Credential values remain redacted.
Generate a TOTP code
You can ask:
“Get the TOTP code for the staging admin panel.”
The agent generates the code using the vault.
Because TOTP codes expire every 30 seconds, returning a code in conversation is considered safe; the seed used to generate it stays in the vault and is redacted like any other credential value.
Configure external services
You can ask the agent to configure an integration using credentials stored in the vault.
The agent finds the secret ID and writes a SecretRef into the configuration.
Example:
serviceAccount: { source: "exec", provider: "passwd", id: "abc123:password" }
When the gateway reloads, the credential is resolved and stored in the in-memory snapshot.
The agent configured the integration but never saw the secret value.
Audit credentials
You can also use the agent to audit vault data.
Example request:
“List all credentials tagged production. Which ones were updated recently?”
The agent searches the vault and summarizes the results based on metadata such as name, type, tags, and update date.
Credential values are never exposed.
Agent-blind by architecture, not policy.
Full source:
https://github.com/pepuscz/passwd