Documentation Menu
Managing Keys
Update, rotate, or remove API keys from your agent.
On this page
After adding API keys, you can view, update, or remove them from the dashboard at any time.
Viewing Current Keys
Open your agent’s detail page and go to the Keys tab. Each configured provider is listed with a masked version of the key. Only the last four characters are visible. This lets you confirm which key is active without exposing the full value.
Updating a Key
To rotate or replace a key:
- Go to the Keys tab on your agent’s detail page.
- Find the provider you want to update.
- Click Edit.
- Paste the new key.
- Save.
The old key is overwritten immediately. Your agent starts using the new key on its next API call. No restart required.
Removing a Provider
If you no longer want your agent to use a provider, click Remove next to that provider’s key entry. The key is deleted from your agent’s configuration. Make sure you have at least one other provider configured, or your agent will not be able to make AI requests.
Key Rotation Best Practices
Rotate your keys periodically, especially if you suspect a key may have been exposed. Generate a new key from the provider’s dashboard, update it in BrainRoad, then revoke the old key at the provider.
Where Keys Are Stored
Your keys live inside your agent’s container at /home/node/.openclaw/agents/main/agent/auth-profiles.json. They are not stored in BrainRoad’s database or transmitted to any external service. Your agent environment is isolated in its own Kubernetes namespace. Only you have access.
You can also inspect your keys directly via the Console by viewing the auth-profiles file.
Related Docs
- Adding API Keys — add your first key or a new provider
- Supported Providers — which AI providers your agent supports