Skills passwordstore-broker
Enforce safe secret handling by collecting secrets through one-time HTTPS forms, storing them in pass via scripts/vault.sh, and executing tools with environment injection via scripts/run_with_secret.sh so raw secrets do not enter chat context or logs.
install
source · Clone the upstream repo
git clone https://github.com/openclaw/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/bieggerm/passwordstore-broker" ~/.claude/skills/openclaw-skills-passwordstore-broker && rm -rf "$T"
OpenClaw · Install into ~/.openclaw/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/skills/bieggerm/passwordstore-broker" ~/.openclaw/skills/openclaw-skills-passwordstore-broker && rm -rf "$T"
manifest:
skills/bieggerm/passwordstore-broker/SKILL.mdsource content
Passwordstore Broker Agent Protocol
Run this workflow whenever credentials are needed.
Prerequisites
- Follow
before first use.references/SETUP.md
Setup Preflight
Before first LAN-mode intake, verify both files exist:
-
~/.passwordstore-broker/totp.secret -
~/.passwordstore-broker/setup_completed_at.txt -
If missing, run
and send:scripts/setup_totp_enrollment.py- QR image at
(preferred)qr_png_path - fallback
otpauth_url
- QR image at
-
Record and trust
as the initial enrollment timestamp.setup_completed_at -
Never reveal or retransmit the
value after initial enrollment under any circumstances.totp.secret -
Do not rotate
. User has to do it manually if compromised. Rotation is not to be done by the agent.totp.secret
Phase 1: Get Secrets
Goal: ensure required secrets exist in local vault without exposing values in chat.
- Map auth requirements to
.secret-name -> ENV_VAR - Check whether each secret exists:
scripts/vault.sh exists <secret-name>
- If missing, collect via one-time HTTPS intake:
- Local mode (default):
scripts/get_password_from_user.py --secretname <secret-name> --port <port>
- LAN mode (when user asks for phone/private-network flow):
scripts/get_password_from_user.py --secretname <secret-name> --port <port> --access lan
- Local mode (default):
- Send generated intake URL to user.
- In LAN mode, instruct user to submit both fields in the form:
- secret value
- current authenticator code
- If intake fails or times out, retry with a new port.
Exit criteria:
- Required secret paths exist in vault.
Phase 2: Use Secrets
Goal: execute authenticated commands without exposing secret values.
- Prefer injector wrapper:
scripts/run_with_secret.sh --secret <secret-name> --env <ENV_VAR> -- <command> [args...]
- Fallback one-liner:
<ENV_VAR>="$(scripts/vault.sh get <secret-name>)" <command> [args...]
- Never print env dumps (
,env
,printenv
) in secret-bearing runs.set
Exit criteria:
- Authenticated command succeeds without secret leakage.
Phase 3: Interact With Vault
Goal: manage lifecycle safely.
- Put/update:
scripts/vault.sh put <secret-name> - Get (only when necessary):
scripts/vault.sh get <secret-name> - Exists:
scripts/vault.sh exists <secret-name> - List:
scripts/vault.sh ls - Remove:
scripts/vault.sh rm <secret-name>
Naming policy:
- Use stable scoped keys like
,github/token
,openai/prod/api_key
.aws/staging/access_key_id
Rotation policy:
- Default to replacing value under the same key.
- Use versioned keys only when user explicitly asks.
Non-Negotiable Guardrails
- Never ask users to paste raw secrets into chat.
- Never echo secret values back to user.
- Never store secrets in repo files, commit messages, issue comments, or transcripts.
- Never expose intake over public interfaces or tunnels.
- LAN mode must rely on runtime private-network autodetection and webform TOTP validation.
Quick Runbook
- Ensure TOTP enrollment exists (via setup preflight) before first LAN use.
- For each missing secret, run intake in local or LAN mode based on user intent.
- Execute tools via
.run_with_secret.sh - Rotate/remove secrets via
as requested.vault.sh