openclaw/docs/reference/secret-placeholder-conventions.md
Vincent Koc 3a1d4dd43f fix(ci): clear signal and docs guard blockers (#85693)
* fix(signal): use lint-safe test api export

* docs: avoid private key sentinel example
2026-05-23 18:27:12 +08:00

summary: Secret-scanner-safe placeholder conventions for docs and examples
read_when:
  • Writing docs that include tokens, API keys, or credential snippets
  • Updating examples that may be scanned by secret-detection tooling
title: Secret Placeholder Conventions

Secret placeholder conventions

Use placeholders that are human-readable but do not resemble real secrets.

  • Prefer descriptive values like example-openai-key-not-real or example-discord-bot-token.
  • For shell snippets, prefer ${OPENAI_API_KEY} over inline token-like strings.
  • Keep examples obviously fake and scoped to purpose (provider, channel, auth type).

Avoid these patterns in docs

  • Literal PEM private-key header or footer text.
  • Prefixes that resemble live credentials, for example sk-..., xoxb-..., AKIA....
  • Realistic-looking bearer tokens copied from runtime logs.

Example

# Good
export OPENAI_API_KEY="example-openai-key-not-real"

# Better (when the doc is about env wiring)
export OPENAI_API_KEY="${OPENAI_API_KEY}"
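
A docs check for the patterns listed under "Avoid these patterns in docs", as an added example (not code from the original page or the openclaw project). The regex lengths and character classes, the `example-` allowance for bearer values, and the names `RULES`, `scan_doc` and `build_sample` are assumptions; the sample lines are constructed and assembled at runtime so the snippet itself stays scanner-safe.

```python
import re

# Heuristics for the shapes listed under "Avoid these patterns in docs".
# Lengths and character classes are assumptions of this example. Patterns are
# written so this file never contains a token-like literal itself.
RULES = {
    "pem-private-key": re.compile(r"-{5}(?:BEGIN|END) (?:[A-Z0-9]+ )*PRIVATE KEY-{5}"),
    "sk-prefix": re.compile(r"\bsk-[A-Za-z0-9_-]{16,}"),
    "xoxb-prefix": re.compile(r"\bxoxb-[A-Za-z0-9-]{10,}"),
    "akia-prefix": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # Values starting with "example-" are treated as placeholders (assumption).
    "bearer-token": re.compile(r"\bBearer\s+(?!example-)[A-Za-z0-9._~+/-]{20,}"),
}


def scan_doc(text):
    """Return (line_number, rule_name) for every line that trips a rule."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in RULES.items():
            if pattern.search(line):
                findings.append((lineno, name))
    return findings


def build_sample():
    """Constructed doc text; the flagged values are assembled at runtime."""
    dashes = "-" * 5
    return "\n".join([
        'export OPENAI_API_KEY="example-openai-key-not-real"',      # 1: fine
        'export OPENAI_API_KEY="${OPENAI_API_KEY}"',                # 2: fine
        "Authorization: Bearer example-discord-bot-token",          # 3: fine
        'export OPENAI_API_KEY="' + "sk" + "-" + "a1B2" * 6 + '"',  # 4: flagged
        "SLACK_TOKEN=" + "xo" + "xb-" + "1234567890-abcdefghij",    # 5: flagged
        "aws_access_key_id = " + "AK" + "IA" + "EXAMPLE7" * 2,      # 6: flagged
        dashes + "BEGIN RSA " + "PRIVATE" + " KEY" + dashes,        # 7: flagged
        "Authorization: Bearer " + "eyJ" + "x9Y8" * 8,              # 8: flagged
    ])


if __name__ == "__main__":
    for lineno, rule in scan_doc(build_sample()):
        print(f"line {lineno}: {rule}")
```

The first three sample lines follow the conventions on this page and pass; the remaining five each trip exactly one rule.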