docs(plugins): add @secr/openclaw-plugin#81
Open
secr-dev wants to merge 1 commit into
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this adds
A new entry under Plugins and Integrations for
@secr/openclaw-plugin—a native OpenClaw plugin that wraps every tool call through a
secrets-management and Non-Human Identity governance layer. Available on
both ClawHub and npm.
Traction & evidence (per CONTRIBUTING.md)
openclaw.compat.pluginApi >=2026.5.0, builtWith 2026.5.7)openclaw plugins inspect secr --runtime --json(typed-hook entry onbefore_tool_call); live event/ctx payload captured and validated against the documented contract.source-linked / artifact-only).What it does
IDENTITY.md/.envfiles with a short-lived agent-token session against the secr API.Per-agent server-side
secretAllowlistenforced on every read.before_tool_callplugin hookvia
api.on()and:names, not just MCP secret operations)
requireApprovalfor tools matching approval-required rules,surfacing OpenClaw's native approval UI
FOR UPDATE SKIP LOCKED(no double-spend under concurrent retries)redacted parameters, agent identity, environment, IP.
mcp.approval_required/mcp.approval_decided) plus interactive Telegram bots with one-tapApprove/Deny inline keyboards.
secr.get_secret,secr.list_envs, andsecr.materialize_envfor explicit calls fromagent code.
Install
Add a
secr:block to~/.openclaw/openclaw.jsonunderplugins.entries.secr.configwithtoken,org,project,environment, thenopenclaw gateway restart.Links
Disclosure
Submitted by the secr team — happy to adjust the description, drop the
entry, or move the placement if it fits better elsewhere in the list.
I'd ordinarily open an "Add Resource Request" issue first per the
CONTRIBUTING flow; submitting the PR directly because the entry is a
single bullet line under an existing section. Happy to convert this to an
issue first if preferred.