7844bc89a1
* Feishu: require webhook encrypt key in schema * Feishu: cover encrypt key webhook validation * Feishu: enforce encrypt key at startup * Feishu: add webhook forgery regression test * Feishu: collect encrypt key during onboarding * Docs: require Feishu webhook encrypt key * Changelog: note Feishu webhook hardening * Docs: clarify Feishu encrypt key screenshot * Feishu: treat webhook encrypt key as secret input * Feishu: resolve encrypt key only in webhook mode
783 lines
24 KiB
TypeScript
783 lines
24 KiB
TypeScript
import type { SecretTargetRegistryEntry } from "./target-registry-types.js";
|
|
|
|
const SECRET_INPUT_SHAPE = "secret_input"; // pragma: allowlist secret
|
|
const SIBLING_REF_SHAPE = "sibling_ref"; // pragma: allowlist secret
|
|
|
|
const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [
|
|
{
|
|
id: "auth-profiles.api_key.key",
|
|
targetType: "auth-profiles.api_key.key",
|
|
configFile: "auth-profiles.json",
|
|
pathPattern: "profiles.*.key",
|
|
refPathPattern: "profiles.*.keyRef",
|
|
secretShape: SIBLING_REF_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
authProfileType: "api_key",
|
|
},
|
|
{
|
|
id: "auth-profiles.token.token",
|
|
targetType: "auth-profiles.token.token",
|
|
configFile: "auth-profiles.json",
|
|
pathPattern: "profiles.*.token",
|
|
refPathPattern: "profiles.*.tokenRef",
|
|
secretShape: SIBLING_REF_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
authProfileType: "token",
|
|
},
|
|
{
|
|
id: "agents.defaults.memorySearch.remote.apiKey",
|
|
targetType: "agents.defaults.memorySearch.remote.apiKey",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "agents.defaults.memorySearch.remote.apiKey",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "agents.list[].memorySearch.remote.apiKey",
|
|
targetType: "agents.list[].memorySearch.remote.apiKey",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "agents.list[].memorySearch.remote.apiKey",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.bluebubbles.accounts.*.password",
|
|
targetType: "channels.bluebubbles.accounts.*.password",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.bluebubbles.accounts.*.password",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.bluebubbles.password",
|
|
targetType: "channels.bluebubbles.password",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.bluebubbles.password",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.discord.accounts.*.pluralkit.token",
|
|
targetType: "channels.discord.accounts.*.pluralkit.token",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.discord.accounts.*.pluralkit.token",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.discord.accounts.*.token",
|
|
targetType: "channels.discord.accounts.*.token",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.discord.accounts.*.token",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.discord.accounts.*.voice.tts.elevenlabs.apiKey",
|
|
targetType: "channels.discord.accounts.*.voice.tts.elevenlabs.apiKey",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.discord.accounts.*.voice.tts.elevenlabs.apiKey",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.discord.accounts.*.voice.tts.openai.apiKey",
|
|
targetType: "channels.discord.accounts.*.voice.tts.openai.apiKey",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.discord.accounts.*.voice.tts.openai.apiKey",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.discord.pluralkit.token",
|
|
targetType: "channels.discord.pluralkit.token",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.discord.pluralkit.token",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.discord.token",
|
|
targetType: "channels.discord.token",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.discord.token",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.discord.voice.tts.elevenlabs.apiKey",
|
|
targetType: "channels.discord.voice.tts.elevenlabs.apiKey",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.discord.voice.tts.elevenlabs.apiKey",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.discord.voice.tts.openai.apiKey",
|
|
targetType: "channels.discord.voice.tts.openai.apiKey",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.discord.voice.tts.openai.apiKey",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.feishu.accounts.*.appSecret",
|
|
targetType: "channels.feishu.accounts.*.appSecret",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.feishu.accounts.*.appSecret",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.feishu.accounts.*.encryptKey",
|
|
targetType: "channels.feishu.accounts.*.encryptKey",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.feishu.accounts.*.encryptKey",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.feishu.accounts.*.verificationToken",
|
|
targetType: "channels.feishu.accounts.*.verificationToken",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.feishu.accounts.*.verificationToken",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.feishu.appSecret",
|
|
targetType: "channels.feishu.appSecret",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.feishu.appSecret",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.feishu.encryptKey",
|
|
targetType: "channels.feishu.encryptKey",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.feishu.encryptKey",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.feishu.verificationToken",
|
|
targetType: "channels.feishu.verificationToken",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.feishu.verificationToken",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.googlechat.accounts.*.serviceAccount",
|
|
targetType: "channels.googlechat.serviceAccount",
|
|
targetTypeAliases: ["channels.googlechat.accounts.*.serviceAccount"],
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.googlechat.accounts.*.serviceAccount",
|
|
refPathPattern: "channels.googlechat.accounts.*.serviceAccountRef",
|
|
secretShape: SIBLING_REF_SHAPE,
|
|
expectedResolvedValue: "string-or-object",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
accountIdPathSegmentIndex: 3,
|
|
},
|
|
{
|
|
id: "channels.googlechat.serviceAccount",
|
|
targetType: "channels.googlechat.serviceAccount",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.googlechat.serviceAccount",
|
|
refPathPattern: "channels.googlechat.serviceAccountRef",
|
|
secretShape: SIBLING_REF_SHAPE,
|
|
expectedResolvedValue: "string-or-object",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.irc.accounts.*.nickserv.password",
|
|
targetType: "channels.irc.accounts.*.nickserv.password",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.irc.accounts.*.nickserv.password",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.irc.accounts.*.password",
|
|
targetType: "channels.irc.accounts.*.password",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.irc.accounts.*.password",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.irc.nickserv.password",
|
|
targetType: "channels.irc.nickserv.password",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.irc.nickserv.password",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.irc.password",
|
|
targetType: "channels.irc.password",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.irc.password",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.mattermost.accounts.*.botToken",
|
|
targetType: "channels.mattermost.accounts.*.botToken",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.mattermost.accounts.*.botToken",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.mattermost.botToken",
|
|
targetType: "channels.mattermost.botToken",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.mattermost.botToken",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.matrix.accounts.*.password",
|
|
targetType: "channels.matrix.accounts.*.password",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.matrix.accounts.*.password",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.matrix.password",
|
|
targetType: "channels.matrix.password",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.matrix.password",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.msteams.appPassword",
|
|
targetType: "channels.msteams.appPassword",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.msteams.appPassword",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.nextcloud-talk.accounts.*.apiPassword",
|
|
targetType: "channels.nextcloud-talk.accounts.*.apiPassword",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.nextcloud-talk.accounts.*.apiPassword",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.nextcloud-talk.accounts.*.botSecret",
|
|
targetType: "channels.nextcloud-talk.accounts.*.botSecret",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.nextcloud-talk.accounts.*.botSecret",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.nextcloud-talk.apiPassword",
|
|
targetType: "channels.nextcloud-talk.apiPassword",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.nextcloud-talk.apiPassword",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.nextcloud-talk.botSecret",
|
|
targetType: "channels.nextcloud-talk.botSecret",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.nextcloud-talk.botSecret",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.slack.accounts.*.appToken",
|
|
targetType: "channels.slack.accounts.*.appToken",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.slack.accounts.*.appToken",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.slack.accounts.*.botToken",
|
|
targetType: "channels.slack.accounts.*.botToken",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.slack.accounts.*.botToken",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.slack.accounts.*.signingSecret",
|
|
targetType: "channels.slack.accounts.*.signingSecret",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.slack.accounts.*.signingSecret",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.slack.accounts.*.userToken",
|
|
targetType: "channels.slack.accounts.*.userToken",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.slack.accounts.*.userToken",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.slack.appToken",
|
|
targetType: "channels.slack.appToken",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.slack.appToken",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.slack.botToken",
|
|
targetType: "channels.slack.botToken",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.slack.botToken",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.slack.signingSecret",
|
|
targetType: "channels.slack.signingSecret",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.slack.signingSecret",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.slack.userToken",
|
|
targetType: "channels.slack.userToken",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.slack.userToken",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.telegram.accounts.*.botToken",
|
|
targetType: "channels.telegram.accounts.*.botToken",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.telegram.accounts.*.botToken",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.telegram.accounts.*.webhookSecret",
|
|
targetType: "channels.telegram.accounts.*.webhookSecret",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.telegram.accounts.*.webhookSecret",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.telegram.botToken",
|
|
targetType: "channels.telegram.botToken",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.telegram.botToken",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.telegram.webhookSecret",
|
|
targetType: "channels.telegram.webhookSecret",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.telegram.webhookSecret",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.zalo.accounts.*.botToken",
|
|
targetType: "channels.zalo.accounts.*.botToken",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.zalo.accounts.*.botToken",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.zalo.accounts.*.webhookSecret",
|
|
targetType: "channels.zalo.accounts.*.webhookSecret",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.zalo.accounts.*.webhookSecret",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.zalo.botToken",
|
|
targetType: "channels.zalo.botToken",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.zalo.botToken",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "channels.zalo.webhookSecret",
|
|
targetType: "channels.zalo.webhookSecret",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "channels.zalo.webhookSecret",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "cron.webhookToken",
|
|
targetType: "cron.webhookToken",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "cron.webhookToken",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "gateway.auth.token",
|
|
targetType: "gateway.auth.token",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "gateway.auth.token",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "gateway.auth.password",
|
|
targetType: "gateway.auth.password",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "gateway.auth.password",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "gateway.remote.password",
|
|
targetType: "gateway.remote.password",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "gateway.remote.password",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "gateway.remote.token",
|
|
targetType: "gateway.remote.token",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "gateway.remote.token",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "messages.tts.elevenlabs.apiKey",
|
|
targetType: "messages.tts.elevenlabs.apiKey",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "messages.tts.elevenlabs.apiKey",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "messages.tts.openai.apiKey",
|
|
targetType: "messages.tts.openai.apiKey",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "messages.tts.openai.apiKey",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "models.providers.*.apiKey",
|
|
targetType: "models.providers.apiKey",
|
|
targetTypeAliases: ["models.providers.*.apiKey"],
|
|
configFile: "openclaw.json",
|
|
pathPattern: "models.providers.*.apiKey",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
providerIdPathSegmentIndex: 2,
|
|
trackProviderShadowing: true,
|
|
},
|
|
{
|
|
id: "models.providers.*.headers.*",
|
|
targetType: "models.providers.headers",
|
|
targetTypeAliases: ["models.providers.*.headers.*"],
|
|
configFile: "openclaw.json",
|
|
pathPattern: "models.providers.*.headers.*",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
providerIdPathSegmentIndex: 2,
|
|
},
|
|
{
|
|
id: "skills.entries.*.apiKey",
|
|
targetType: "skills.entries.apiKey",
|
|
targetTypeAliases: ["skills.entries.*.apiKey"],
|
|
configFile: "openclaw.json",
|
|
pathPattern: "skills.entries.*.apiKey",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "talk.apiKey",
|
|
targetType: "talk.apiKey",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "talk.apiKey",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "talk.providers.*.apiKey",
|
|
targetType: "talk.providers.*.apiKey",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "talk.providers.*.apiKey",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "tools.web.fetch.firecrawl.apiKey",
|
|
targetType: "tools.web.fetch.firecrawl.apiKey",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "tools.web.fetch.firecrawl.apiKey",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "tools.web.search.apiKey",
|
|
targetType: "tools.web.search.apiKey",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "tools.web.search.apiKey",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "tools.web.search.gemini.apiKey",
|
|
targetType: "tools.web.search.gemini.apiKey",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "tools.web.search.gemini.apiKey",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "tools.web.search.grok.apiKey",
|
|
targetType: "tools.web.search.grok.apiKey",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "tools.web.search.grok.apiKey",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "tools.web.search.kimi.apiKey",
|
|
targetType: "tools.web.search.kimi.apiKey",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "tools.web.search.kimi.apiKey",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
{
|
|
id: "tools.web.search.perplexity.apiKey",
|
|
targetType: "tools.web.search.perplexity.apiKey",
|
|
configFile: "openclaw.json",
|
|
pathPattern: "tools.web.search.perplexity.apiKey",
|
|
secretShape: SECRET_INPUT_SHAPE,
|
|
expectedResolvedValue: "string",
|
|
includeInPlan: true,
|
|
includeInConfigure: true,
|
|
includeInAudit: true,
|
|
},
|
|
];
|
|
|
|
export { SECRET_TARGET_REGISTRY };
|