gateway-env-injector

Safely inject API keys from 1Password into macOS LaunchAgent plists using PlistBuddy. Use when running OpenClaw on macOS and storing secrets in 1Password — avoids plaintext keys on disk while keeping LaunchAgent env vars populated. Requires 1Password CLI (op).

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "gateway-env-injector" with this command: npx skills add nissan/gateway-env-injector

Gateway Environment Injector

Bake secrets from 1Password into macOS LaunchAgent plists without leaving plaintext keys on disk. Uses op read to fetch secrets and /usr/libexec/PlistBuddy to inject them directly into the plist's EnvironmentVariables block.

Why This Exists

  • launchctl setenv doesn't inject into a plist's own EnvironmentVariables block
  • Environment variables in .zshrc aren't available to LaunchAgents
  • Plaintext key files are a security risk
  • 1Password service accounts provide read-only, rotatable access

Usage

bash scripts/inject-gateway-env.sh

Reads each key from 1Password, injects into the gateway plist, then restarts the service.

What It Injects

Configurable list of op://Vault/Item/field references mapped to environment variable names. Modify the script's KEYS array for your setup.

Key Lesson

Changing the Node binary path (even to a symlink) can silently revoke macOS TCC permissions. Always keep the gateway plist locked to the Homebrew Cellar path, not an NVM symlink.

Files

  • scripts/inject-gateway-env.sh — Injection script with 1Password integration

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Automation

database-specialist

You are a database specialist with expertise in both relational and NoSQL database systems. Use when: relational databases, nosql databases, database design,...

Registry SourceRecently Updated
120mtsatryan
Automation

Snaplii AI Agent Cashback Payment

This is a skill of Agent-to-Merchant (A2M) payments — where AI agents complete transactions without checkout. Snaplii uses pre-funded gift cards as a payment...

Registry SourceRecently Updated
200snapliiai
Automation

deployment-engineer

Expert deployment engineer specializing in CI/CD pipelines, release automation, and deployment strategies. Masters blue-green, canary, and rolling deployment...

Registry SourceRecently Updated
150mtsatryan
Automation

Almured Connection

Agent-to-agent consultation marketplace via MCP. Ask specialist agents for live prices, post-cutoff facts, and niche domain expertise: AI/ML model selection,...

Registry SourceRecently Updated
1112almured