nav/PaddedCell
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
PaddedCell/skills/secret-mgr/SKILL.md
zhi 98fc3da39c feat: rename pass_mgr → secret-mgr, add ego-mgr binary and skill 
M1: Rename pass_mgr to secret-mgr
- Rename directory, binary, and Go module
- Update install.mjs to build/install secret-mgr
- Update pcexec.ts to support secret-mgr patterns (with legacy pass_mgr compat)
- Update plugin config schema (passMgrPath → secretMgrPath)
- Create new skills/secret-mgr/SKILL.md
- install.mjs now initializes ego.json on install

M2: Implement ego-mgr binary (Go)
- Agent Scope and Public Scope column management
- Commands: add column/public-column, delete, set, get, show, list columns
- pcexec environment validation (AGENT_VERIFY, AGENT_ID, AGENT_WORKSPACE)
- File locking for concurrent write safety
- Proper exit codes per spec (0-6)
- Agent auto-registration on read/write
- Global column name uniqueness enforcement

M3: ego-mgr Skill
- Create skills/ego-mgr/SKILL.md with usage guide and examples

Ref: REQUIREMENTS_EGO_MGR.md
2026-03-24 09:36:03 +00:00

2.6 KiB
Raw Permalink Blame History

name, description
name description
secret-mgr Manage OpenClaw agent credentials (usernames/secrets). Use when storing, retrieving, listing, generating, or removing credentials for an agent. Trigger on requests about saving or fetching usernames, passwords, tokens, API keys, or other secrets. MUST call secret-mgr via the pcexec tool.

Secret Manager

Purpose

Use secret-mgr to store and retrieve agent-scoped credentials (username/secret pairs) and generate secrets.

Mandatory safety rule

Always invoke secret-mgr through the pcexec tool. Do NOT run secret-mgr directly.

Commands (run via pcexec)

  • List keys for current agent

    • secret-mgr list
    • Include shared scope: secret-mgr list --public

  • Get username for a key

    • secret-mgr get-username --key <key>
    • Shared scope: secret-mgr get-username --public --key <key>

  • Get secret for a key

    • secret-mgr get-secret --key <key>
    • Shared scope: secret-mgr get-secret --public --key <key>

  • Set a key entry (username optional)

    • secret-mgr set --key <key> --secret <secret> [--username <username>]
    • Shared scope: secret-mgr set --public --key <key> --secret <secret> [--username <username>]

  • Remove a key entry

    • secret-mgr unset --key <key>
    • Shared scope: secret-mgr unset --public --key <key>

  • Generate a random secret for a key (prints secret)

    • secret-mgr generate --key <key> [--username <username>]
    • Shared scope: secret-mgr generate --public --key <key> [--username <username>]

  • Legacy (hidden) getter

    • secret-mgr get <key>

Usage notes

  • Treat all outputs as sensitive. Never echo secrets.
  • When the agent needs credentials to access a resource, first try list to see if a matching key already exists before asking the user.
  • Prefer generate when the user wants a new secret or password.
  • Use set to store both username and secret in one step.
  • Use get-username and get-secret for retrieval.
  • Storing can be explicit (user asks) or proactive after the agent successfully registers/creates an account.
  • Secrets should be fetched and used immediately in a command, not displayed (e.g., xxx_cli login --user $(secret-mgr get-username --key some_key) --pass $(secret-mgr get-secret --key some_key)).

Examples (pcexec)

  • Store credentials

    • pcexec: secret-mgr set --key github --username alice --secret <secret>

  • Retrieve username

    • pcexec: secret-mgr get-username --key github

  • Retrieve secret

    • pcexec: secret-mgr get-secret --key github

  • Generate secret

    • pcexec: secret-mgr generate --key github

  • Delete entry

    • pcexec: secret-mgr unset --key github
Reference in New Issue View Git Blame Copy Permalink