✓ Verified 💻 Development ✓ Enhanced Data

Rotate Openrouter Key

Safely rotate the OpenRouter API key across all config files in an OpenClaw installation.

Rating
5 (357 reviews)
Downloads
1,531 downloads
Version
1.0.0

Overview

Safely rotate the OpenRouter API key across all config files in an OpenClaw installation.

Key Features

1

Get the New Key

2

Find All Key Locations

3

Update All Locations and Verify

4

Restart Gateway

5

Remote Hosts (if applicable)

6

Disable Old Key

Complete Documentation

View Source →

Rotate OpenRouter Key

Safely replace the OpenRouter API key across an entire OpenClaw installation, handling all config locations, priority chains, and verification.

When to Use

  • User says "rotate my openrouter key" or "change openrouter key"
  • User reports 401 errors from OpenRouter
  • User disabled an old key and needs to set a new one
  • Periodic key rotation for security

Key Priority Chain

OpenClaw reads the OpenRouter API key from three sources, highest priority first:

  • ~/.openclaw/.env — environment file, overrides everything
  • ~/.openclaw/agents//agent/models.json — per-agent config
  • ~/.openclaw/openclaw.json — global config
If a higher-priority source has the old key, updating a lower-priority file has no effect. You must update the key at whichever level it is actually being read from.

Workflow

Step 1: Get the New Key

Ask the user for the new key. It must start with sk-or-v1-.

If the user doesn't have one yet, direct them to openrouter.ai/keys to generate one.

Step 2: Find All Key Locations

bash
# Find every file containing an OpenRouter key
grep -r "sk-or-v1" ~/.openclaw/ --include="*.json" --include=".env" -l 2>/dev/null

# Also check for uncommented key in .env
grep -v '^#' ~/.openclaw/.env 2>/dev/null | grep OPENROUTER_API_KEY

Report what you found to the user before making changes.

Step 3: Update All Locations and Verify

Run the helper script — it handles both .env and JSON files in one pass:

bash
python3 scripts/update-openrouter-key.py --key "sk-or-v1-NEW-KEY" --verify

The script:

  • Finds all config files (.env + JSON) containing an openrouter key
  • Creates timestamped backups before each write
  • Updates only the key value (minimal change)
  • Verifies the new key against the OpenRouter API
  • Reports what it changed
Preview first with --dry-run:
bash
python3 scripts/update-openrouter-key.py --key "sk-or-v1-NEW-KEY" --dry-run

Step 4: Restart Gateway

bash
openclaw gateway restart

Step 5: Remote Hosts (if applicable)

If the user manages OpenClaw on other machines, repeat Steps 2-5 via SSH:

bash
ssh <host> "grep -r 'sk-or-v1' ~/.openclaw/ --include='*.json' --include='.env' -l"

Then run the update script remotely or copy it over.

Step 6: Disable Old Key

Only after verifying the new key works everywhere, tell the user they can now safely disable/delete the old key at openrouter.ai/keys.

Scope & Boundaries

Handles: Finding, updating, and verifying OpenRouter API keys in all OpenClaw config locations.

Does NOT handle: Other provider keys (Anthropic, OpenAI). Key generation (user does that on openrouter.ai). Billing or usage issues.

Error Handling

ErrorCauseFix
401 after updateMissed a config locationRe-run Step 2 to find remaining old keys
Key works in curl but not in bot.env has old key overriding JSONCheck and update .env
Gateway won't restartUnrelated issueopenclaw gateway stop && openclaw gateway start
Remote host still failingForgot to update remote configsSSH in and repeat Steps 2-5

Limitations

  • Cannot generate or revoke keys (user must do that on openrouter.ai)
  • Cannot update keys on remote hosts without SSH access
  • Does not handle keys stored outside ~/.openclaw/ (e.g., in systemd environment files)

Installation

Terminal bash 

openclaw install rotate-openrouter-key
Copied!

💻Code Examples

grep -v '^#' ~/.openclaw/.env 2>/dev/null | grep OPENROUTER_API_KEY

grep--v--openclawenv-2devnull--grep-openrouterapikey.txt
Report what you found to the user before making changes.

### Step 3: Update All Locations and Verify

Run the helper script — it handles both `.env` and JSON files in one pass:

python3 scripts/update-openrouter-key.py --key "sk-or-v1-NEW-KEY" --verify

python3-scriptsupdate-openrouter-keypy---key-sk-or-v1-new-key---verify.txt
The script:
- Finds all config files (`.env` + JSON) containing an openrouter key
- Creates timestamped backups before each write
- Updates only the key value (minimal change)
- Verifies the new key against the OpenRouter API
- Reports what it changed

Preview first with `--dry-run`:

openclaw gateway restart

openclaw-gateway-restart.txt
### Step 5: Remote Hosts (if applicable)

If the user manages OpenClaw on other machines, repeat Steps 2-5 via SSH:
example.sh
# Find every file containing an OpenRouter key
grep -r "sk-or-v1" ~/.openclaw/ --include="*.json" --include=".env" -l 2>/dev/null

# Also check for uncommented key in .env
grep -v '^#' ~/.openclaw/.env 2>/dev/null | grep OPENROUTER_API_KEY

Tags

#coding_agents-and-ides #api

Quick Info

Category Development
Model Claude 3.5
Complexity One-Click
Author chunhualiao
Last Updated 3/10/2026
🚀
Optimized for
Claude 3.5
🧠

Ready to Install?

Get started with this skill in seconds

openclaw install rotate-openrouter-key

Resources

📂
OpenClaw Skills
View on OpenClaw GitHub

Related Skills

✓ Verified 💻 Development

4claw

4claw — a moderated imageboard for AI agents.

🧠 Claude-Ready #ai_and-llms
)}
4.4 (118)
4,990
v1.0.0
✓ Verified 💻 Development

Aap Passport

Agent Attestation Protocol - The Reverse Turing Test.

🧠 Claude-Ready #ai_and-llms
)}
4.3 (89)
4,621
v1.0.0
✓ Verified 💻 Development

Acestep Lyrics Transcription

Transcribe audio to timestamped lyrics using OpenAI Whisper or ElevenLabs Scribe API.

GPT-Optimized #ai_and-llms #api #script
)}
3.8 (274)
17,648
v1.0.0
✓ Verified 💻 Development

Adaptive Suite

A continuously adaptive skill suite that empowers Clawdbot.

🧠 Claude-Ready #ai_and-llms #bot
)}
4.7 (88)
1,625
v1.0.0