← Back to PRs

#23015: Onboard: store OpenAI auth in profiles instead of .env

by joshavant open 2026-02-21 22:56 View on GitHub →
commands maintainer size: S
## Summary - migrate OpenAI onboarding auth persistence from shared `.env` writes to auth-profile credentials - update interactive and non-interactive OpenAI auth-choice paths to call profile persistence (`setOpenaiApiKey`) instead of `upsertSharedEnvVar` - preserve env-backed security behavior by storing `keyRef: { source: "env", id: "OPENAI_API_KEY" }` when input is env-backed/`${OPENAI_API_KEY}` - keep plaintext compatibility when users provide a literal key that is not env-backed ## User-visible Behavior - onboarding no longer writes OpenAI static keys into `~/.openclaw/.env` on these paths - OpenAI credentials are now managed consistently with other profile-backed providers ## Scope Boundary - no OAuth token handling changes - no runtime resolver contract changes ## Validation - `pnpm check` - `pnpm vitest run src/commands/onboard-auth.credentials.test.ts src/commands/auth-choice.apply.openai.test.ts`

Most Similar PRs