How credentials and secrets are stored

MultiClaw stores your LLM API keys encrypted in MultiClaw Cloud, auth tokens in local config files protected by OS file permissions, and session tokens in memory only. The table below shows where each secret lives, how it's protected, and how to clear it.

Secret	Where it lives	Encrypted at rest	Cleared by
LLM API keys	MultiClaw Cloud database	Yes — AES-256 application-level encryption	Removing the key from your agent's settings
LLM API keys (cloud desktop sync)	Cloud desktop instance config (prefixed `enc:`)	Yes — AES-256-GCM per-instance key	Instance reset or re-sync from MultiClaw Cloud
Gateway workspace auth token	`~/.openclaw/openclaw.json`	No — OS file permissions only	Removing the user from the workspace
Desktop app bearer token	Desktop app WebView local storage	No — OS file permissions only	Signing out of the desktop app
WebSocket session tokens	Memory only — not written to disk	N/A	Connection close or token expiry

LLM API keys

MultiClaw Cloud stores your LLM provider API keys in its database, encrypted at rest with application-level encryption.

When MultiClaw syncs your configuration to a cloud desktop, it re-encrypts each API key with AES-256-GCM using a per-instance key derived through HKDF-SHA256. MultiClaw writes the encrypted value (prefixed enc:) to the instance's local config. At runtime, the gateway decrypts the key in memory to call your LLM provider.

The desktop app and gateway are designed not to log configuration values. Under normal operation, keys do not appear in diagnostic logs.

To add, update, or remove an API key, open your agent's settings in MultiClaw Cloud. Changes sync to connected cloud desktops on the next configuration push. Removing a key from MultiClaw Cloud deletes the encrypted copy from every synced instance.

Workspace auth token

When you sign in, MultiClaw Cloud issues a long-lived auth token stored in ~/.openclaw/openclaw.json as a plain JSON string. The gateway uses this token to authenticate WebSocket connections to MultiClaw Cloud. The token is not encrypted at rest. OS file permissions on ~/.openclaw/ control read access.

Note:

OS file permissions mean that only your operating system user account is intended to read the contents of ~/.openclaw/. If you share an OS-level user account with other people, they may be able to read the token. Treat your OS user account as the trust boundary for this file.

The token is scoped to your user account and is not designed to permit access to another user's data.

To revoke access after a device is lost, a workspace owner can remove the user on the Users page in MultiClaw Cloud. MultiClaw does not currently offer per-device session revocation.

Tip:

On macOS and Linux, verify your ~/.openclaw/ directory permissions by running ls -ld ~/.openclaw/. The output should show drwx------ (owner-only access). On Windows, right-click the folder, open Properties → Security, and confirm only your user account has read access.

Desktop app bearer token

The desktop app uses a separate bearer token for its HTTP and real-time API calls to MultiClaw Cloud. It stores this token in its WebView local storage, not in ~/.openclaw/openclaw.json, and does not encrypt it at rest.

This bearer token is distinct from the gateway workspace auth token. The gateway reads openclaw.json for its WebSocket connection, while the desktop app holds its own bearer token. Signing out of the desktop app clears the bearer token from local storage.

WebSocket session tokens

Each WebSocket connection uses a short-lived HMAC-SHA256-signed token generated fresh for every session. These tokens exist in memory only while the connection is active and are not written to disk.

Token lifetime depends on the connection type: user session tokens expire after 4 hours, and daemon (cloud desktop) connection tokens expire after 24 hours. When a token expires, the system generates a new one automatically on reconnect.

If a device is lost or compromised

If you lose a device or suspect unauthorized access, take these steps in order:

Ask a workspace owner to remove your user account on the Users page in MultiClaw Cloud. This revokes the gateway workspace auth token stored on the device.
Sign in to MultiClaw Cloud from a trusted device and rotate any LLM API keys your agents use. Open your agent's settings, remove the current key, and add a new one.
If you use the same password elsewhere, change it. MultiClaw Cloud stores only a bcrypt hash of your password, but credential reuse remains a risk outside MultiClaw.

The desktop app bearer token is cleared when you sign out, but you cannot remotely sign out a lost device. Removing the user from the workspace is the primary revocation mechanism.

Warning:

MultiClaw does not currently offer per-device session revocation. Removing a user from the workspace revokes all of that user's tokens across every device.

What MultiClaw does not store

MultiClaw does not retain the following values in their original form:

Plaintext passwords: MultiClaw Cloud stores only a bcrypt hash of your password. Neither MultiClaw Cloud nor the desktop app is designed to retain the original password.
Browser cookies and session tokens: MultiClaw is not designed to store cookies or session tokens from pages recorded during a workflow.

Your responsibilities

MultiClaw encrypts API keys at rest, scopes tokens to your user account, and keeps session tokens short-lived. The protections above assume:

Your OS user account is not shared with other people.
Your device has full-disk encryption enabled (FileVault on macOS, BitLocker on Windows, LUKS on Linux).
You sign out of the desktop app before lending or decommissioning a device.
You keep your device locked when unattended.

Without these measures, unencrypted tokens in openclaw.json and local storage are accessible to anyone with physical access to the device. For a full breakdown of where platform protections end and yours begin, see Shared responsibility model.