provider-key-manager
Provider key manager — rotate and sync API keys across multi-agent workspaces
Best use case
provider-key-manager is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Provider key manager — rotate and sync API keys across multi-agent workspaces
Teams using provider-key-manager should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/provider-key-manager/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How provider-key-manager Compares
| Feature / Agent | provider-key-manager | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Provider key manager — rotate and sync API keys across multi-agent workspaces
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Provider Key Manager
> 一条命令更换供应商 API Key,全员生效,零遗漏。
## 痛点
OpenClaw 多 agent 架构下,每个 agent 都有独立的 `models.json`,更换一个 provider key 需要:
1. 修改 `openclaw.json` 全局配置
2. 修改 13+ 个 agent 的 `models.json`
3. 更新 `pass` 存储
4. 重启 Gateway
5. 逐个验证
**一个 key 要改 15+ 处,漏改一个就报错。**
## 方案:环境变量统一引用
OpenClaw 原生支持 `${ENV_VAR}` 语法引用环境变量:
```json
// openclaw.json
{
"env": {
"vars": {
"ZAI_API_KEY": "actual-key-value-here"
}
},
"models": {
"providers": {
"zai": {
"apiKey": "${ZAI_API_KEY}", // ← 引用环境变量,不硬编码
"baseUrl": "https://open.bigmodel.cn/api/coding/paas/v4"
}
}
}
}
```
**核心原则**:
- API Key 只存在 `env.vars` 中(单一真相源)
- 所有 provider 的 `apiKey` 用 `"${ENV_VAR}"` 引用
- 各 agent 的 `models.json` **删除 apiKey 字段**,继承全局 provider
- 换 key = 改一个 env var + 重启,全员自动生效
## 触发词
`换key`, `更换key`, `provider key`, `API key 更换`, `模型key`, `key管理`, `供应商密钥`
## 命令
### 1. 审计当前配置
```bash
python3 ~/clawd/skills/provider-key-manager/scripts/manager.py audit
```
扫描所有 agent 的 models.json,报告:
- ✅ 使用 `${ENV_VAR}` 引用的 provider
- ❌ 硬编码 apiKey 的 provider
- ⚠️ key 值不一致的 agent
### 2. 迁移到环境变量模式
```bash
python3 ~/clawd/skills/provider-key-manager/scripts/manager.py migrate [--provider zai] [--dry-run]
```
自动执行:
1. 将 `openclaw.json` 中的硬编码 key 移入 `env.vars`
2. 替换 provider apiKey 为 `"${ENV_VAR}"`
3. 从各 agent models.json 中**删除** apiKey 字段(继承全局)
4. 更新 `pass` 存储
5. 生成迁移报告
### 3. 更换 API Key
```bash
python3 ~/clawd/skills/provider-key-manager/scripts/manager.py update <provider> <new-key> [--base-url <url>]
```
一条命令完成:
1. 更新 `env.vars` 中的 key
2. 如有 agent 仍硬编码,同步更新
3. 更新 `pass` 存储
4. 测试 key 可用性
5. 输出重启命令
### 4. 测试 Key 可用性
```bash
python3 ~/clawd/skills/provider-key-manager/scripts/manager.py test <provider>
```
对指定 provider 发送最小请求,验证 key 有效。
### 5. 查看 Provider 总览
```bash
python3 ~/clawd/skills/provider-key-manager/scripts/manager.py status
```
显示所有 provider 的 key 来源、baseUrl、模型列表。
## Provider ↔ 环境变量映射
| Provider | 环境变量 | pass 路径 |
|----------|---------|----------|
| zai | `ZAI_API_KEY` | `api/zai` |
| xingjiabiapi | `XINGJIABIAPI_KEY` | `api/xingjiabiapi` |
| xai | `XAI_API_KEY` | `api/xai` |
| xingsuancode | `XINGSUANCODE_KEY` | `api/xingsuancode` |
| moonshot | `MOONSHOT_API_KEY` | `api/kimi` |
| minimax | `MINIMAX_API_KEY` | `api/minimax` |
| xinyuan | `XINYUAN_API_KEY` | `api/xinyuan` |
| boluobao | `BOLUOBAO_API_KEY` | `api/boluobao` |
| google | `GOOGLE_API_KEY` | `api/google-ai-studio` |
## 架构图
```
┌─────────────────────────────────┐
│ openclaw.json │
│ ┌───────────────────────┐ │
│ │ env.vars │ │
│ │ ZAI_API_KEY: "xxx" │ ← 单一真相源 (Single Source of Truth)
│ │ XAI_API_KEY: "yyy" │ │
│ └───────────┬───────────┘ │
│ │ ${ZAI_API_KEY} │
│ ┌───────────▼───────────┐ │
│ │ models.providers.zai │ │
│ │ apiKey: "${ZAI_API_KEY}" │
│ │ baseUrl: "https://..." │ │
│ └───────────────────────┘ │
└─────────────────────────────────┘
│ 继承
┌─────────┼─────────┐
▼ ▼ ▼
agent/ agent/ agent/
main/ ops/ code/ ...
models.json models.json
(无 apiKey,继承全局)
```
## 注意事项
1. **env.vars 中的 key 是明文** — 但 openclaw.json 已在 .gitignore,不会被 commit
2. **per-agent models.json 仍需保留 provider 结构** — 只是删除 apiKey 字段
3. **迁移后换 key 流程**:`manager.py update zai <new-key>` → Gateway 重启 → 完成
4. **回退方案**:迁移前自动备份所有 models.json 到 `/tmp/provider-key-backup/`Related Skills
workspace-directory-manager
Workspace directory manager — maintain cleanliness of ~/.openclaw/ and ~/clawd/
ssh-manager
专业 SSH 连接管理工具。处理 Tailscale SSH、主机密钥、代理绕过、远程命令执行等操作。
product-manager-skills
> 产品经理技能集——PRD、用户故事、竞品分析、路线图等产品方法论工具
portfolio-manager
Comprehensive portfolio analysis using Alpaca MCP Server integration to fetch holdings and positions, then analyze asset allocation, risk metrics, individual stock positions, diversification, and generate rebalancing recommendations. Use when user requests portfolio review, position analysis, risk assessment, performance evaluation, or rebalancing suggestions for their brokerage account.
permission-manager
管理Claude Code的全局工具权限配置,自动将MCP命令或其他工具添加到allowedTools中,避免每次使用时都需要手动批准。工作流程:确认用户需要添加的命令 -> 确认添加级别(默认全局~/.claude.json) -> 执行添加 -> 验证并提醒重启。
model-provider-manager
Unified LLM provider and model configuration, health monitoring, and key management
mcp-manager
MCP 服务器智能管理助手。自动检测 MCP 可用性、智能开关、功能问答,提供人性化的 MCP 管理体验。
entropy-manager
Entropy scanner for codebases — detect disorder and suggest cleanup actions
email-manager
多邮箱统一管理与智能助手。支持 Gmail、QQ邮箱等 IMAP 邮箱,定时查看邮件,AI 生成摘要和回复草稿,发送前需用户确认。
customer-success-manager
Monitors customer health, predicts churn risk, and identifies expansion opportunities using weighted scoring models for SaaS customer success
cron-manager
创建、监控、诊断和修复 OpenClaw cron 任务,支持自然语言时间与常见故障排查。
context-manager
AI-powered context management for OpenClaw sessions