How to Run OpenClaw Safely: The Secure Deployment Guide

Last updated: February 28, 2026 14:00 UTC

Tags: security, deployment, docker, hardening, guide

Running AI agents on your own infrastructure is powerful — but power demands responsibility. This guide covers everything you need to deploy OpenClaw safely.

Why Security Matters for AI Agents

OpenClaw agents can:

  • Execute arbitrary code
  • Access the filesystem
  • Make network requests
  • Control a browser
  • Interact with external APIs

Without proper isolation, a misconfigured agent could expose sensitive data, consume excessive resources, or make unintended changes to your systems.

1. Docker Isolation (Critical)

Use Docker — Always

Never run OpenClaw directly on your host. Always use Docker. A container still shares the host kernel, so treat it as an isolation layer that you harden with the settings below, not as a sandbox on its own:

docker compose up -d

Restrict Container Capabilities

Add these to your docker-compose.yml:

services:
  openclaw:
    # Drop all capabilities, add only what's needed
    cap_drop:
      - ALL
    # NET_BIND_SERVICE is only required to bind ports below 1024;
    # if the service listens on 8080 you can leave cap_add out entirely
    cap_add:
      - NET_BIND_SERVICE
    # Stop setuid/setgid binaries from gaining privileges inside the container
    security_opt:
      - no-new-privileges:true
    # Read-only root filesystem. Mount a volume for the agent's data
    # directory, otherwise persistent writes will fail
    read_only: true
    # Temp directories for runtime needs
    tmpfs:
      - /tmp
      - /var/tmp
    # Resource limits (docker compose v2 applies these outside Swarm too)
    deploy:
      resources:
        limits:
          cpus: "2.0"
          memory: 4G
        reservations:
          memory: 1G

No Privileged Mode

Never use privileged: true or --privileged. It grants every capability, disables the seccomp and AppArmor/SELinux confinement, and exposes host devices, which amounts to full host access for an agent that executes arbitrary code.

2. Network Security

Limit Outbound Access

By default, containers can reach the internet. Restrict this:

networks:
  openclaw-net:
    driver: bridge
    internal: true  # No internet access

  # Separate network for services that need internet
  openclaw-external:
    driver: bridge

Only attach the external network to services that genuinely need internet access (e.g., for API calls to model providers). A container attached to both networks has unrestricted outbound access, so if the agent container itself must reach a model provider, put an egress proxy on the external network and let the agent talk only to that proxy over the internal one.

Firewall Rules

# Only expose the web UI port
# Don't expose internal service ports
ports:
  - "127.0.0.1:8080:8080"  # Bind to localhost only

Use a reverse proxy (nginx, Caddy, Traefik) with TLS for external access. The proxy is the only service that publishes a port on a public interface; it forwards to OpenClaw on 127.0.0.1:8080.
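To check a compose file against the settings from sections 1 and 2 before deploying, here is an added audit script. It is not OpenClaw's own tooling: the compose file is represented as the dict that yaml.safe_load() would return, the two sample configurations at the bottom are constructed for this example, and the image name in them is a placeholder.

```python
"""Audit a docker-compose configuration against the hardening settings
of sections 1 and 2 (privileged mode, capabilities, read-only root,
resource limits, port binding, outbound network access)."""

DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "NET_ADMIN", "SYS_MODULE", "DAC_OVERRIDE"}


def _host_ip(port):
    """Host interface a port mapping publishes on. Short syntax is
    "ip:host:container", "host:container" or "container"; long syntax is a
    dict with an optional host_ip. No explicit host IP means all interfaces."""
    if isinstance(port, dict):
        return str(port.get("host_ip", "0.0.0.0"))
    parts = str(port).split(":")
    return parts[0] if len(parts) == 3 else "0.0.0.0"


def audit_service(name, svc):
    """Return (service, problem) tuples for one service definition."""
    findings = []
    if svc.get("privileged"):
        findings.append((name, "privileged mode enabled"))
    if svc.get("network_mode") == "host":
        findings.append((name, "host networking bypasses network isolation"))
    if "ALL" not in {str(c).upper() for c in svc.get("cap_drop", [])}:
        findings.append((name, "cap_drop does not include ALL"))
    for cap in svc.get("cap_add", []):
        c = str(cap).upper()
        c = c[4:] if c.startswith("CAP_") else c
        if c in DANGEROUS_CAPS:
            findings.append((name, f"dangerous capability added: {cap}"))
    if svc.get("read_only") is not True:
        findings.append((name, "root filesystem is writable (read_only: true missing)"))
    limits = ((svc.get("deploy") or {}).get("resources") or {}).get("limits") or {}
    for key in ("cpus", "memory"):
        if key not in limits:
            findings.append((name, f"no {key} limit under deploy.resources.limits"))
    for port in svc.get("ports", []):
        if _host_ip(port) in ("0.0.0.0", "::", "", "*"):
            findings.append((name, f"port {port} is published on all interfaces"))
    return findings


def audit_compose(compose):
    findings = []
    for name, svc in (compose.get("services") or {}).items():
        findings.extend(audit_service(name, svc or {}))
    return findings


def internet_exposed_services(compose):
    """Services attached to at least one network with outbound internet
    access. A service with no `networks` key sits on the project's default
    bridge network, which is not internal."""
    nets = compose.get("networks") or {}
    exposed = set()
    for name, svc in (compose.get("services") or {}).items():
        attached = (svc or {}).get("networks")
        if not attached:
            exposed.add(name)
            continue
        for net in (attached if isinstance(attached, list) else attached.keys()):
            if not (nets.get(net) or {}).get("internal"):
                exposed.add(name)
    return exposed


# Constructed samples: a typical "it just works" file and its hardened form.
# "openclaw:latest" is a placeholder image name.
WEAK_COMPOSE = {
    "services": {
        "openclaw": {
            "image": "openclaw:latest",
            "privileged": True,
            "ports": ["8080:8080"],
        }
    }
}

HARDENED_COMPOSE = {
    "services": {
        "openclaw": {
            "image": "openclaw:latest",
            "cap_drop": ["ALL"],
            "cap_add": ["NET_BIND_SERVICE"],
            "read_only": True,
            "tmpfs": ["/tmp", "/var/tmp"],
            "deploy": {"resources": {"limits": {"cpus": "2.0", "memory": "4G"}}},
            "ports": ["127.0.0.1:8080:8080"],
            "networks": ["openclaw-net"],
        }
    },
    "networks": {"openclaw-net": {"driver": "bridge", "internal": True}},
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_COMPOSE), ("hardened", HARDENED_COMPOSE)):
        print(label, audit_compose(cfg), internet_exposed_services(cfg))
```

The weak sample produces six findings and shows the agent on the default (internet-connected) network; the hardened sample produces none. Services that legitimately sit on the external network will still be listed by internet_exposed_services, which is the point: that list should contain only the proxy.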

3. Secret Management

Never Hardcode Secrets

# Bad: the key is saved in your shell history
OPENAI_API_KEY=sk-abc123 docker compose up

# Good: keep it in a .env file, which docker compose reads automatically
cp .env.example .env
chmod 600 .env
# Edit .env with your values

Protect Your .env File

chmod 600 .env
chown root:root .env   # use the account that runs docker compose if that is not root

The owner must be whichever user runs docker compose; with mode 600, a root-owned file is unreadable to a non-root deployment user. Add .env to .gitignore and never commit secrets.
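The three rules above (no inline secrets, 600 permissions, .env ignored by git) are easy to verify mechanically. This is an added example, not part of OpenClaw: it audits a deployment directory and, in run_demo(), builds a throwaway directory to show the checks firing and then clearing once the fixes are applied. The "sk-" key format is an assumption standing in for whatever your providers issue.

```python
"""Check .env hygiene before `docker compose up`."""
import os
import re
import stat
import tempfile

KEY_PATTERN = re.compile(r"^sk-[A-Za-z0-9_-]{6,}$")          # assumed key format
PLACEHOLDERS = {"", "changeme", "your-api-key-here", "xxx"}  # left over from .env.example
# Matches `KEY=value` or `KEY: value`, optionally as a YAML list item
ENV_ENTRY = re.compile(r"\s*-?\s*([A-Z][A-Z0-9_]*)\s*[=:]\s*(\S+)")


def audit_env_file(env_path, gitignore_path=None, compose_path=None):
    """Return a list of problems; an empty list means the checks passed."""
    findings = []
    mode = stat.S_IMODE(os.stat(env_path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{os.path.basename(env_path)} mode is {mode:o}; expected 600")
    with open(env_path) as f:
        for lineno, line in enumerate(f, 1):
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            if value.strip().strip("\"'").lower() in PLACEHOLDERS:
                findings.append(f"{key} (line {lineno}) is empty or a placeholder")
    if gitignore_path is not None:
        try:
            with open(gitignore_path) as f:
                ignored = {entry.strip() for entry in f}
        except FileNotFoundError:
            ignored = set()
        if ".env" not in ignored:
            findings.append(".env is not listed in .gitignore")
    if compose_path is not None:
        # A literal key under `environment:` is visible in `docker inspect`
        # and in version control; reference ${VAR} or use env_file instead.
        with open(compose_path) as f:
            for lineno, line in enumerate(f, 1):
                m = ENV_ENTRY.match(line)
                if m and KEY_PATTERN.match(m.group(2).strip("\"'")):
                    findings.append(
                        f"{os.path.basename(compose_path)}:{lineno} hardcodes {m.group(1)}")
    return findings


def run_demo():
    """Build a weak deployment directory (constructed contents), audit it,
    apply this section's fixes, and audit again.
    Returns (findings_before, findings_after)."""
    with tempfile.TemporaryDirectory() as d:
        env = os.path.join(d, ".env")
        gitignore = os.path.join(d, ".gitignore")
        compose = os.path.join(d, "docker-compose.yml")
        with open(env, "w") as f:
            f.write("OPENAI_API_KEY=sk-abc123xyz\nADMIN_TOKEN=changeme\n")
        os.chmod(env, 0o644)                       # the common mistake
        with open(gitignore, "w") as f:
            f.write("node_modules/\n")
        with open(compose, "w") as f:
            f.write("services:\n  openclaw:\n    environment:\n"
                    "      - OPENAI_API_KEY=sk-abc123xyz\n")
        before = audit_env_file(env, gitignore, compose)

        os.chmod(env, 0o600)
        with open(env, "w") as f:
            f.write("OPENAI_API_KEY=sk-abc123xyz\nADMIN_TOKEN=9f3c1b7e2a4d\n")
        with open(gitignore, "a") as f:
            f.write(".env\n")
        with open(compose, "w") as f:
            f.write("services:\n  openclaw:\n    env_file: .env\n")
        after = audit_env_file(env, gitignore, compose)
    return before, after


if __name__ == "__main__":
    before, after = run_demo()
    print("before:", *before, sep="\n  ")
    print("after:", after)
```

Run it against a real checkout as audit_env_file(".env", ".gitignore", "docker-compose.yml") from the deployment directory; a non-empty list is a reason not to start the service yet.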

Rotate Keys Regularly

Set a reminder to rotate API keys monthly, and rotate immediately whenever someone with access to the host leaves. If a key is compromised:

  1. Revoke the old key immediately
  2. Generate a new key
  3. Update your .env
  4. Recreate the container with docker compose up -d (docker compose restart does not re-read .env, so the old key would stay in use)
  5. Check the provider's usage dashboard for activity you did not generate while the key was exposed

4. User Access Control

Separate Admin and User Accounts

If multiple people use your OpenClaw instance:

  • Create separate accounts
  • Use role-based access
  • Audit who accessed what

Enable Authentication

Always require authentication for the web UI. Never expose it unauthenticated, even on a local network.

5. Monitoring & Logging

Log Everything

Configure the container log driver with rotation, so an agent that logs heavily cannot fill the disk and the history is still available when you need to review it:

services:
  openclaw:
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "5"

Monitor Agent Actions

Review agent action logs regularly. Look for:

  • Unexpected file access
  • Unusual network requests
  • Excessive resource consumption
  • Failed authentication attempts

Set Up Alerts

Minimum alert thresholds:

  • CPU > 80% sustained for 5 minutes
  • Memory > 90%
  • Disk > 85%
  • Any container restart
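The review items and the "sustained for 5 minutes" threshold above can be turned into running checks. The following is an added example, not OpenClaw's own monitoring: the log format (one JSON object per line with "ts" in epoch seconds and an "event" field), the allowed path prefixes, the allowed hosts and the sample log lines are all constructed for this example and are not the project's schema.

```python
"""Review agent action logs and evaluate a sustained-threshold alert."""
import json
import os
from collections import defaultdict, deque

ALLOWED_PATH_PREFIXES = ("/app/data/", "/app/config/", "/tmp/")   # assumed layout
ALLOWED_HOSTS = {"api.openai.com"}                               # assumed egress allowlist


def review_actions(lines, max_failed_auth=3, auth_window=60):
    """Return (finding, detail) tuples for unexpected file access, network
    requests to hosts outside the allowlist, and bursts of failed logins."""
    findings = []
    failed_by_ip = defaultdict(deque)
    for raw in lines:
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            findings.append(("malformed_log_line", raw))
            continue
        kind = ev.get("event")
        if kind == "file_access":
            # Normalise first so "../" cannot smuggle a path past the prefix check
            path = os.path.normpath(ev.get("path", ""))
            if not path.startswith(ALLOWED_PATH_PREFIXES):
                findings.append(("unexpected_file_access", path))
        elif kind == "http_request":
            host = ev.get("host", "")
            if host not in ALLOWED_HOSTS:
                findings.append(("unusual_network_request", host))
        elif kind == "auth_failed":
            ip = ev.get("src_ip", "unknown")
            recent = failed_by_ip[ip]
            recent.append(ev["ts"])
            while recent and ev["ts"] - recent[0] > auth_window:
                recent.popleft()
            if len(recent) >= max_failed_auth:
                findings.append(("auth_failure_burst", ip))
                recent.clear()          # report once per burst
    return findings


def sustained_breach(samples, threshold, window):
    """True only if the value has stayed above `threshold` for at least
    `window` seconds up to the newest sample. samples: (ts, value) in time
    order. A single spike, or a breach younger than the window, does not fire."""
    if not samples:
        return False
    end = samples[-1][0]
    for ts, value in reversed(samples):
        if value <= threshold:
            return False        # breach interrupted inside the window
        if end - ts >= window:
            return True         # breach reaches back the full window
    return False                # not enough history yet


# Constructed sample log lines
SAMPLE_LOG = [
    '{"ts": 1000, "event": "file_access", "path": "/app/data/memory.db"}',
    '{"ts": 1001, "event": "file_access", "path": "/app/data/../../etc/shadow"}',
    '{"ts": 1002, "event": "http_request", "host": "api.openai.com"}',
    '{"ts": 1003, "event": "http_request", "host": "203.0.113.7"}',
    '{"ts": 1010, "event": "auth_failed", "src_ip": "198.51.100.4"}',
    '{"ts": 1020, "event": "auth_failed", "src_ip": "198.51.100.4"}',
    '{"ts": 1030, "event": "auth_failed", "src_ip": "198.51.100.4"}',
    'not json at all',
]

# Constructed CPU samples (percent), one every 60 s
CPU_SUSTAINED = [(t, 92) for t in range(0, 361, 60)]   # six minutes above 80
CPU_SPIKE = [(0, 20), (60, 20), (120, 95), (180, 20), (240, 20), (300, 20), (360, 20)]

if __name__ == "__main__":
    for finding in review_actions(SAMPLE_LOG):
        print(*finding)
    print("sustained:", sustained_breach(CPU_SUSTAINED, 80, 300))
    print("spike:", sustained_breach(CPU_SPIKE, 80, 300))
```

Feed review_actions the lines from docker compose logs (or the agent's own action log) and sustained_breach the (timestamp, cpu_percent) pairs from docker stats sampled on a timer; the spike sample shows why the window check matters, since a one-minute burst to 95% is normal for an agent and should not page anyone.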

6. Backup Strategy

What to Back Up

  • Agent memory/knowledge databases
  • Configuration files
  • Custom skills
  • .env file (encrypted!)

Backup Schedule

  • Daily: Agent data (memory, knowledge)
  • Weekly: Full configuration
  • Before updates: Complete snapshot

# Example backup script. The archive contains .env, so it is encrypted
# with gpg; the tarball is streamed straight into gpg so the plaintext
# copy never touches disk. Stop the container first (docker compose stop)
# so database files are copied in a consistent state.
tar czf - data/ config/ .env \
  | gpg --symmetric --cipher-algo AES256 \
        -o backup-$(date +%Y%m%d).tar.gz.gpg
chmod 600 backup-*.tar.gz.gpg

7. Update Strategy

Stay Current

Follow OpenClaw releases for security patches:

  • Watch the GitHub repository
  • Subscribe to ClawNews Daily Briefs for update notifications
  • Review changelogs before updating

Update Process

  1. Read the changelog
  2. Back up your data
  3. Pull new images: docker compose pull (pin the image to a specific version tag rather than latest, so an update is a deliberate change you have reviewed)
  4. Restart: docker compose up -d
  5. Verify functionality
  6. Monitor for issues

8. Security Checklist

Use this checklist for every deployment:

  • Running in Docker (not bare metal)
  • No privileged mode
  • Capabilities dropped
  • Resource limits set
  • Network access restricted
  • Web UI behind authentication
  • TLS enabled (HTTPS)
  • Secrets in .env file (not hardcoded)
  • .env has restricted permissions (600)
  • Logging configured
  • Monitoring active
  • Backup schedule in place
  • Update process documented

What’s Next?


Found a security issue? Report it responsibly to tips@clawnews.org.
