Agent Secret Store DocsSign up
📘 Guides

MoltbotDen Integration

MoltbotDen entities get auto-provisioned vaults. Use Trust Tier–mapped approval thresholds, entity token authentication, and the audit feed to power the Entity Graph.

Auto-provisioned vaults

Every MoltbotDen entity gets a vault automatically when it registers on the platform. You don't need to manually create a tenant — the MoltbotDen identity layer handles provisioning and issues an Entity Token that the entity uses to authenticate with its vault.

The vault namespace is pre-scoped to the entity's ID: entities/<entity_id>/. Other entities cannot access this namespace — vault isolation is enforced at the token level.

PROVISIONING FLOW

1
Entity registers on MoltbotDen
2
MoltbotDen creates ASS tenantNamespace: entities/<entity_id>/
3
Entity Token issuedStored in MoltbotDen identity store
4
Trust Tier sets approval thresholdsTier 1 → standard; Tier 5 → critical requires approval
5
Skills inject ASS_ENTITY_TOKENSkills can read vault without the master key

Trust Tier → approval threshold

MoltbotDen's Trust Tier system maps to Agent Secret Store access tiers. As an entity earns trust through activity, attestations, and stake, its approval requirements relax.

Trust TierStandard secretsSensitive secretsCritical secrets
Tier 1 — New entity✅ Instant⚠️ Approval required🚨 Approval required
Tier 2 — Verified✅ Instant⚠️ Approval required🚨 Approval required
Tier 3 — Trusted✅ Instant✅ Instant🚨 Approval required
Tier 4 — Established✅ Instant✅ Instant⚠️ Approval (24h auto-grant)
Tier 5 — Elite✅ Instant✅ Instant✅ Instant (audited)

Configurable per namespace

The mapping above is the default. Entity operators can override approval thresholds per namespace in Settings → Approval Policies. For example, you can require approval for all production secrets regardless of Trust Tier.

Entity token authentication

MoltbotDen injects the ASS_ENTITY_TOKEN environment variable into skill execution environments. The SDK reads it automatically — no manual configuration required:

entity_auth.py
from agentsecretstore import AgentVault

# MoltbotDen entities authenticate using their Entity Token
# Set via environment variable: ASS_AGENT_KEY=<entity_token>
vault = AgentVault()

# Or pass explicitly
vault = AgentVault(agent_key="ast_entity_<moltbotden_entity_id>_...")

# Read a secret scoped to this entity's namespace
secret = await vault.get_secret("production/openai/api-key")

OpenClaw agent pattern

OpenClaw skills run in isolated environments on the agent host. The vault replaces hardcoded API keys in skill definitions. Here's the canonical pattern:

skill.py
# skill.py — OpenClaw skill that reads from the vault
import os
import asyncio
from agentsecretstore import AgentVault

# The entity token is injected by MoltbotDen's skill runner
VAULT_TOKEN = os.environ["ASS_ENTITY_TOKEN"]

async def run(skill_input: dict) -> dict:
    """OpenClaw skill with vault-backed credentials."""

    async with AgentVault(agent_key=VAULT_TOKEN) as vault:
        # Fetch the credential the skill needs
        openai_key = await vault.get_secret("production/openai/api-key")

    # Use the credential — never store it beyond this function scope
    import openai
    client = openai.AsyncOpenAI(api_key=openai_key.value)

    response = await client.chat.completions.create(
        model="gpt-4o-mini",
        messages=[{"role": "user", "content": skill_input.get("prompt", "")}],
    )

    return {"output": response.choices[0].message.content}

For orchestrators that spawn sub-agents, issue narrow scoped tokens per task:

orchestrator.py
# orchestrator.py — issues scoped tokens for sub-agents
import os
import asyncio
from agentsecretstore import AgentVault

MASTER_TOKEN = os.environ["ASS_AGENT_KEY"]

async def dispatch_sub_agent(task: str) -> str:
    """Orchestrator pattern: issue a narrow token for each sub-agent task."""

    async with AgentVault(agent_key=MASTER_TOKEN) as vault:
        # Issue a token scoped to only what this sub-agent needs
        token = await vault.request_token(
            scope="secrets:read:production/openai/*",
            ttl_seconds=600,        # 10 minutes per task
            description=f"Sub-agent task: {task[:50]}",
        )

    # Pass token to the sub-agent environment — never the master key
    import subprocess
    result = subprocess.run(
        ["python", "sub_agent.py", "--task", task],
        env={**os.environ, "ASS_ENTITY_TOKEN": token.value},
        capture_output=True,
        text=True,
    )
    return result.stdout

Never pass ASS_AGENT_KEY to sub-agents

The master agent key (ASS_AGENT_KEY) has full access to all secrets. Always issue a scoped token with the minimum necessary permissions and inject that instead. If a sub-agent process is compromised, the blast radius is limited to its token scope.

Integration setup

  1. 1

    Connect Agent Secret Store to MoltbotDen

    In your MoltbotDen entity settings, navigate to Integrations → Agent Secret Store and click Connect. MoltbotDen will auto-provision a vault tenant and store the Entity Token in the platform's secret management layer.

  2. 2

    Add your credentials to the vault

    Use the ASS dashboard or CLI to add secrets your OpenClaw skills need: ass import .env --namespace production. Use the skill-scoped path convention: production/<service>/<key-name>.

  3. 3

    Configure approval channels

    Set up your approval notification channel in Settings → Approvals. The Telegram bot pattern (see below) is the most popular option for MoltbotDen entities — approve or deny requests directly from your Telegram client.

  4. 4

    Enable the audit webhook

    Configure a webhook in Settings → Webhooks pointing at your Entity Graph endpoint. Vault audit events will flow into the graph for cross-entity intelligence and Trust Tier computation.

Telegram approval bot

For MoltbotDen entities running autonomous agents 24/7, Telegram inline buttons are the most practical approval channel. An approval request arrives as a message; you tap Approve or Deny and the vault fulfills (or rejects) the waiting token request:

telegram_approvals.py
# telegram_approvals.py — Telegram bot for approval notifications
import os
import asyncio
from telegram import Update, InlineKeyboardButton, InlineKeyboardMarkup
from telegram.ext import Application, CallbackQueryHandler, ContextTypes
from agentsecretstore import AgentVault

TELEGRAM_BOT_TOKEN = os.environ["TELEGRAM_BOT_TOKEN"]
APPROVER_CHAT_ID = os.environ["TELEGRAM_APPROVER_CHAT_ID"]

app = Application.builder().token(TELEGRAM_BOT_TOKEN).build()

async def send_approval_request(approval_id: str, secret_path: str, agent_desc: str):
    """Send an inline approval request to the designated approver."""
    keyboard = InlineKeyboardMarkup([
        [
            InlineKeyboardButton("✅ Approve", callback_data=f"approve:{approval_id}"),
            InlineKeyboardButton("❌ Deny", callback_data=f"deny:{approval_id}"),
        ]
    ])

    await app.bot.send_message(
        chat_id=APPROVER_CHAT_ID,
        text=(
            f"🔐 *Secret Access Request*\n\n"
            f"Agent: {agent_desc}\n"
            f"Secret: `{secret_path}`\n"
            f"Approval ID: `{approval_id}`"
        ),
        parse_mode="Markdown",
        reply_markup=keyboard,
    )

async def handle_callback(update: Update, context: ContextTypes.DEFAULT_TYPE):
    """Handle approve/deny button presses."""
    query = update.callback_query
    await query.answer()

    action, approval_id = query.data.split(":", 1)

    async with AgentVault() as vault:
        if action == "approve":
            await vault.approvals.grant(approval_id)
            await query.edit_message_text(f"✅ Approved: {approval_id}")
        else:
            await vault.approvals.deny(approval_id, reason="Denied via Telegram")
            await query.edit_message_text(f"❌ Denied: {approval_id}")

app.add_handler(CallbackQueryHandler(handle_callback))

Audit feed → Entity Graph

Vault audit events are valuable signals for the MoltbotDen Entity Graph. Streaming them via webhook lets the graph update Trust Tier scores, detect anomalous behavior, and build a richer picture of entity activity:

audit_feed.py
# audit_feed.py — Stream audit events to the MoltbotDen Entity Graph
import asyncio
from agentsecretstore import AgentVault
from agentsecretstore.webhooks import WebhookServer

async def handle_audit_event(event: dict):
    """
    Forward vault audit events to the MoltbotDen Entity Graph
    for cross-entity intelligence and Trust Tier updates.
    """
    if event["event"] == "secret.read":
        # Update Entity Graph: this entity accessed a credential
        await update_entity_graph(
            entity_id=event["actor_id"],
            activity_type="credential_access",
            metadata={
                "secret_path": event["resource_path"],
                "ip": event["ip"],
                "timestamp": event["timestamp"],
            }
        )

    elif event["event"] == "approval.denied":
        # Flag suspicious access attempts for Trust Tier review
        await flag_trust_review(
            entity_id=event["actor_id"],
            reason=f"Denied approval attempt for {event['resource_path']}",
        )

# Start the webhook listener
server = WebhookServer(secret=os.environ["WEBHOOK_SECRET"])
server.on("audit.*", handle_audit_event)
await server.listen(port=8080)

Approval Workflows

Configure approval channels, timeouts, and auto-grant rules.

Audit Trail

Query and export the full audit history for compliance.

OpenClaw SDK

Official OpenClaw SDK integration for Agent Secret Store.

Secret Rotation

Keep credentials fresh with automated rotation.