Configure

openclaw configure

Interactive prompt for targeted changes to an existing setup: credentials, devices, agent defaults, gateway, channels, plugins, skills, and health checks.

Use openclaw onboard for the full guided first-run journey, openclaw setup for the baseline config/workspace only, and openclaw channels add when you only need channel account setup.

Note

The Model section includes a multi-select for the agents.defaults.models allowlist (what shows up in /model and the model picker). Provider-scoped setup choices merge their selected models into the existing allowlist instead of replacing unrelated providers already in the config.

Re-running provider auth from configure preserves an existing agents.defaults.model.primary, even when the provider’s auth step returns a config patch with its own recommended default model. That means adding or reauthing xAI, OpenRouter, or another provider should make the new model available without taking over from your current primary model. Use `openclaw models auth login —provider

—set-defaultoropenclaw models set

` when you intentionally want to change the default model.

When configure starts from a provider auth choice, the default-model and allowlist pickers prefer that provider automatically. For paired providers such as Volcengine and BytePlus, the same preference also matches their coding-plan variants (volcengine-plan/*, byteplus-plan/*). If the preferred-provider filter would produce an empty list, configure falls back to the unfiltered catalog instead of showing a blank picker.

Tip

openclaw config without a subcommand opens the same wizard. Use openclaw config get|set|unset for non-interactive edits.

For web search, openclaw configure --section web lets you choose a provider and configure its credentials. Some providers also show provider-specific follow-up prompts:

• Grok can offer optional x_search setup with the same xAI OAuth profile or API key and let you pick an x_search model.
• Kimi can ask for the Moonshot API region (api.moonshot.ai vs api.moonshot.cn) and the default Kimi web-search model.

Related:

• Gateway configuration reference: Configuration
• Config CLI: Config

Options

• `—section

`: repeatable section filter

Available sections:

• workspace
• model
• web
• gateway
• daemon
• channels
• plugins
• skills
• health

Notes:

• The full wizard and gateway-related sections ask where the Gateway runs and update gateway.mode. Section filters that do not include gateway, daemon, or health go directly to the requested setup.
• After local config writes, configure installs selected downloadable plugins when the chosen setup path requires them. Remote gateway config does not install local plugin packages.
• Channel-oriented services (Slack/Discord/Matrix/Microsoft Teams) prompt for channel/room allowlists during setup. You can enter names or IDs; the wizard resolves names to IDs when possible.
• If you run the daemon install step, token auth requires a token, and gateway.auth.token is SecretRef-managed, configure validates the SecretRef but does not persist resolved plaintext token values into supervisor service environment metadata.
• If token auth requires a token and the configured token SecretRef is unresolved, configure blocks daemon install with actionable remediation guidance.
• If both gateway.auth.token and gateway.auth.password are configured and gateway.auth.mode is unset, configure blocks daemon install until mode is set explicitly.

Examples

openclaw configure
openclaw configure --section web
openclaw configure --section model --section channels
openclaw configure --section gateway --section daemon

Related

• CLI reference
• Configuration