diff --git a/src/secrets/runtime-web-tools.shared.ts b/src/secrets/runtime-web-tools.shared.ts
index da308303c5a..df1191e8aef 100644
--- a/src/secrets/runtime-web-tools.shared.ts
+++ b/src/secrets/runtime-web-tools.shared.ts
@@ -72,6 +72,7 @@ export type RuntimeWebProviderSelectionParams<
   setResolvedCredential: (params: {
     resolvedConfig: OpenClawConfig;
     provider: TProvider;
+    path: string;
     value: string;
   }) => void;
   inactivePathsForProvider: (provider: TProvider) => string[];
@@ -372,6 +373,7 @@ export async function resolveRuntimeWebProviderSelection<
           params.setResolvedCredential({
             resolvedConfig: params.resolvedConfig,
             provider,
+            path,
             value: resolution.value,
           });
         }
@@ -384,6 +386,7 @@ export async function resolveRuntimeWebProviderSelection<
         params.setResolvedCredential({
           resolvedConfig: params.resolvedConfig,
           provider,
+          path,
           value: resolution.value,
         });
         break;
diff --git a/src/secrets/runtime-web-tools.ts b/src/secrets/runtime-web-tools.ts
index e63f45adc3a..c6af383de73 100644
--- a/src/secrets/runtime-web-tools.ts
+++ b/src/secrets/runtime-web-tools.ts
@@ -301,17 +301,17 @@ async function resolveSecretInputWithEnvFallback(params: {
 function setResolvedWebSearchApiKey(params: {
   resolvedConfig: OpenClawConfig;
   provider: PluginWebSearchProviderEntry;
+  path: string;
   value: string;
 }): void {
+  const useLegacySearchConfig = params.path === "tools.web.search.apiKey";
+  if (params.provider.setConfiguredCredentialValue && !useLegacySearchConfig) {
+    params.provider.setConfiguredCredentialValue(params.resolvedConfig, params.value);
+    return;
+  }
   const tools = ensureObject(params.resolvedConfig as Record<string, unknown>, "tools");
   const web = ensureObject(tools, "web");
   const search = ensureObject(web, "search");
-  if (params.provider.setConfiguredCredentialValue) {
-    params.provider.setConfiguredCredentialValue(params.resolvedConfig, params.value);
-    if (params.provider.id !== "brave") {
-      return;
-    }
-  }
   params.provider.setCredentialValue(search, params.value);
 }
 
@@ -432,6 +432,7 @@ function inactivePathsForProvider(provider: PluginWebSearchProviderEntry): strin
 function setResolvedWebFetchApiKey(params: {
   resolvedConfig: OpenClawConfig;
   provider: PluginWebFetchProviderEntry;
+  path: string;
   value: string;
 }): void {
   const tools = ensureObject(params.resolvedConfig as Record<string, unknown>, "tools");
@@ -646,10 +647,16 @@ export async function resolveRuntimeWebTools(params: {
           path,
           envVars,
         }),
-      setResolvedCredential: ({ resolvedConfig, provider, value }) =>
+      setResolvedCredential: ({ resolvedConfig, provider, path, value }) =>
         setResolvedWebSearchApiKey({
           resolvedConfig,
           provider,
+          path:
+            search &&
+            Object.prototype.hasOwnProperty.call(search, "apiKey") &&
+            provider.getConfiguredCredentialValue?.(params.sourceConfig) == null
+              ? "tools.web.search.apiKey"
+              : path,
           value,
         }),
       inactivePathsForProvider,
@@ -740,10 +747,11 @@ export async function resolveRuntimeWebTools(params: {
           envVars,
           restrictEnvRefsToEnvVars: true,
         }),
-      setResolvedCredential: ({ resolvedConfig, provider, value }) =>
+      setResolvedCredential: ({ resolvedConfig, provider, path, value }) =>
         setResolvedWebFetchApiKey({
           resolvedConfig,
           provider,
+          path,
           value,
         }),
       inactivePathsForProvider: inactivePathsForFetchProvider,