TL;DR: Putting ~/.openclaw in a private git repo is mostly about writing the right .gitignore and keeping every secret outside the tree. A systemd EnvironmentFile carries the real keys to the gateway at startup, so openclaw.json can hold references or empty fields instead of credentials. Why track it Link to heading After the upgrade gotchas, I wanted version history for openclaw.json and a way to rebuild on a new VM without reassembling config by hand. Putting ~/.openclaw in a private repo solves both, but only if nothing sensitive ever lands in git. Private repos get forks, clones, CI caches, and the occasional visibility flip. Treat them as if they could leak tomorrow.
No comments yet. Log in to reply on the Fediverse. Comments will appear here.