Docker sidecar + JIT secrets 的安全落地手册

• You can run Docker Compose and already have a private Tailscale tailnet (or equivalent private network).
• A dedicated agent identity exists (separate email + 2FA + password manager vault).
• 1Password CLI/service account (or equivalent vault API) is available for JIT secret retrieval.

1. Deploy OpenClaw, Chrome, and Tailscale as separate sidecars; expose no public inbound endpoint.
2. Configure browser automation to connect to Chrome container (CDP) instead of mixing browser runtime inside agent container.
3. Create a scoped vault/service account and fetch secrets just-in-time when a task starts (not at process boot).
4. Enable immutable audit logs for secret access and automation actions, then add a one-command credential revoke path.
5. Run a threat-model pass (entry point, secret exposure, browser abuse, account takeover) before production usage.

• Headful browser anti-bot behavior and CAPTCHAs vary by target platform; bypass reliability is not guaranteed（需验证）.
• Do not reuse personal identity for agent automation accounts.

This tip is aggregated from community/public sources and preserved with attribution.