↑
sathish316 3 hours ago
1. Persistent id
2. Ephemeral credentials to access API keys
3. Periodic rotation and expiry of keys
4. Prompt injection and Lethal trifecta attacks from other untrusted users
5. Supply chain attacks from marketplace skills
This 3 actor system where OpenClaw is treated as an untrusted internal threat actor that can’t be trusted, OpenClaw attackers as malicious actors and you as the root user is not solved well by many Password managers.
Hashicorp Vault solves these problems by giving you fine-grained access to keys and expiry of each token