ChatGPT OAuth 模式防串钥匙:清理子进程 OpenAI Key 环境变量(PR #41098)
在 ACPX_AUTH_CHATGPT 场景下,阻断 OPENAI_API_KEY 等变量泄漏到子进程,避免错误认证路径与潜在密钥风险。
GITHUBDiscovered 2026-03-11Author openclaw contributors
Prerequisites
- You use ACPX ChatGPT OAuth auth mode in OpenClaw.
- Host/container environment may already define OPENAI_API_KEY-like vars.
Steps
- Upgrade to a build containing PR #41098.
- Run ACPX with ACPX_AUTH_CHATGPT enabled in a controlled test session.
- Confirm child runtime no longer receives OPENAI_API_KEY / OPENAI_API_KEYS / AZURE_OPENAI_API_KEY.
- Validate OAuth path still works and non-OAuth mode behavior remains unchanged.
Commands
openclaw gateway statusopenclaw gateway restartopenclaw helpVerify
OAuth-selected runs authenticate via session profile without key-env fallback side effects.
Caveats
- This guard applies when ACPX_AUTH_CHATGPT is present; non-OAuth flows still use existing env behavior.
- Provider-specific auth edge cases still need staging validation (需验证).
Source attribution
This tip is aggregated from community/public sources and preserved with attribution.
Open original source ↗