#23015: Onboard: store OpenAI auth in profiles instead of .env
commands
maintainer
size: S
Cluster:
AI Provider Enhancements
## Summary
- migrate OpenAI onboarding auth persistence from shared `.env` writes to auth-profile credentials
- update interactive and non-interactive OpenAI auth-choice paths to call profile persistence (`setOpenaiApiKey`) instead of `upsertSharedEnvVar`
- preserve env-backed security behavior by storing `keyRef: { source: "env", id: "OPENAI_API_KEY" }` when input is env-backed/`${OPENAI_API_KEY}`
- keep plaintext compatibility when users provide a literal key that is not env-backed
## User-visible Behavior
- onboarding no longer writes OpenAI static keys into `~/.openclaw/.env` on these paths
- OpenAI credentials are now managed consistently with other profile-backed providers
## Scope Boundary
- no OAuth token handling changes
- no runtime resolver contract changes
## Validation
- `pnpm check`
- `pnpm vitest run src/commands/onboard-auth.credentials.test.ts src/commands/auth-choice.apply.openai.test.ts`
Most Similar PRs
#23026: Onboard: move volcengine/byteplus auth from .env to profiles
by joshavant · 2026-02-21
83.0%
#23009: Onboard: persist env-backed API keys as secret refs
by joshavant · 2026-02-21
71.1%
#16626: fix: prompt onboarding auth selection when auth choice is blank
by harshang03 · 2026-02-14
67.1%
#3591: CLI: add OpenAI-compatible endpoint auth choice
by surak · 2026-01-28
66.6%
#7813: feat(onboard): validate Venice API keys during setup
by jonisjongithub · 2026-02-03
66.3%
#19841: feat: add Amazon Bedrock as first-class onboarding provider
by elbeyf · 2026-02-18
62.8%
#9046: feat: Add AWS Bedrock OpenAI-compatible API provider
by joemag1 · 2026-02-04
62.6%
#22105: feat(auth): add refreshable Anthropic OAuth login flow
by sauerdaniel · 2026-02-20
62.4%
#18670: feat: add first-class Claude Code CLI auth path + CLI model UX hard...
by SmithLabsLLC · 2026-02-16
62.2%
#23444: Gateway: move auth token storage to state dotenv by default
by bmendonca3 · 2026-02-22
61.7%