vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-29 23:08:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2c536a8626ca30f56edcabf4f2180df875929550
openclaw/docs/reference/secret-placeholder-conventions.md
Peter Steinberger 2c536a8626 docs: absorb documentation PR sweep
2026-05-23 10:23:34 +01:00

1.1 KiB
Raw Blame History

summary, read_when, title
summary read_when title
Secret-scanner-safe placeholder conventions for docs and examples
Writing docs that include tokens, API keys, or credential snippets
Updating examples that may be scanned by secret-detection tooling
Secret Placeholder Conventions

Secret placeholder conventions

Use placeholders that are human-readable but do not resemble real secrets.

Recommended style

  • Prefer descriptive values like example-openai-key-not-real or example-discord-bot-token.
  • For shell snippets, prefer ${OPENAI_API_KEY} over inline token-like strings.
  • Keep examples obviously fake and scoped to purpose (provider, channel, auth type).

Avoid these patterns in docs

  • Private key sentinels such as -----BEGIN PRIVATE KEY-----.
  • Prefixes that resemble live credentials, for example sk-..., xoxb-..., AKIA....
  • Realistic-looking bearer tokens copied from runtime logs.

Example

# Good
export OPENAI_API_KEY="example-openai-key-not-real"

# Better (when the doc is about env wiring)
export OPENAI_API_KEY="${OPENAI_API_KEY}"
Reference in New Issue View Git Blame Copy Permalink