Clawdbot Security
Secure your Clawdbot AI assistant deployment. Learn about authentication, authorization, encryption, and security best practices.
Clawdbot Security Overview
Security is critical for Clawdbot deployments. This guide covers authentication, authorization, encryption, and best practices for keeping your assistant secure.
Authentication
API Key Authentication
{
"security": {
"auth": {
"type": "apiKey",
"key": "${CLAWDBOT_API_KEY}"
}
}
}Token Authentication
{
"security": {
"auth": {
"type": "token",
"tokens": ["token1", "token2"]
}
}
}Authorization
Tool Permissions
Restrict available tools:
{
"tools": {
"deny": ["exec", "bash", "process"]
}
}Agent Isolation
Each agent has isolated:
- Workspace files
- Session storage
- Auth profiles
- Tool permissions
Encryption
TLS Configuration
{
"gateway": {
"tls": {
"enabled": true,
"cert": "/path/to/cert.pem",
"key": "/path/to/key.pem"
}
}
}Secrets Management
{
"secrets": {
"provider": "env",
"prefix": "CLAWDBOT_SECRET_"
}
}Network Security
IP Allowlist
{
"security": {
"network": {
"allowedIPs": [
"192.168.1.0/24",
"10.0.0.0/8"
]
}
}
}Rate Limiting
{
"security": {
"rateLimit": {
"enabled": true,
"requests": 60,
"window": 60000
}
}
}Sandbox Mode
Enable Sandboxing
{
"security": {
"sandbox": {
"enabled": true,
"provider": "docker"
}
}
}Sandbox Options
| Option | Description |
|---|---|
docker | Docker container isolation |
firejail | Linux sandbox |
none | No sandboxing |
Access Control
User Allowlist
{
"security": {
"users": {
"allowList": ["+15551234567", "+15559876543"]
}
}
}Group Allowlist
{
"security": {
"groups": {
"allowList": ["[email protected]"]
}
}
}Audit Logging
Enable Audit Log
{
"security": {
"audit": {
"enabled": true,
"path": "~/.clawdbot/audit.log",
"events": ["auth", "message", "tool"]
}
}
}Audit Events
| Event | Description |
|---|---|
auth | Authentication attempts |
message | Message processing |
tool | Tool executions |
config | Configuration changes |
Best Practices
Environment Variables
- Never hardcode secrets
- Use
${VAR}syntax in config - Rotate keys regularly
Network
- Use TLS in production
- Restrict IP access
- Enable rate limiting
Tools
- Deny dangerous tools by default
- Use tool profiles
- Sandbox untrusted inputs
Monitoring
- Enable audit logging
- Monitor failed auth attempts
- Alert on suspicious activity
Security Checklist
- TLS enabled
- API key configured
- Dangerous tools denied
- Rate limiting enabled
- IP allowlist configured
- Audit logging enabled
- Secrets in environment variables
Next Steps
- Clawdbot Configuration - Configuration guide
- Clawdbot Troubleshooting - Debug issues
- Clawdbot Gateway - Gateway overview