Building Custom AI Skills with InstructLab Taxonomy
Create domain-specific AI capabilities using InstructLab's taxonomy system—from writing skill definitions to generating synthetic training data and validating fine-tuned models.
AI
Security Hardening for OpenClaw on Azure
Luca Berton • • 3 min read
#openclaw#security#azure#hardening#https#tailscale#nsg#devops
🛡️ Why Security Matters for AI Gateways
OpenClaw sits between your AI models and your messaging platforms. A compromised gateway means:
- Unauthorized access to your AI model API keys
- Ability to impersonate your bot on connected channels
- Access to conversation history and user data
- Potential API cost exposure
OpenClaw takes security seriously with multiple layers of protection. Let’s configure them properly for Azure.
🔐 Layer 1: Gateway Authentication Token
The gateway token is the first line of defense. It’s auto-generated during docker-setup.sh and stored in .env:
cd ~/openclaw
grep OPENCLAW_GATEWAY_TOKEN .envBest practices
- Never share the token in plain text
- Rotate it periodically:
# Generate a new token NEW_TOKEN=$(openssl rand -hex 32) echo "New token: $NEW_TOKEN" # Update .env sed -i "s/OPENCLAW_GATEWAY_TOKEN=.*/OPENCLAW_GATEWAY_TOKEN=$NEW_TOKEN/" .env # Restart docker compose down docker compose up -d - Use a strong token — at least 32 hex characters
📱 Layer 2: Device Pairing
OpenClaw requires browsers to pair with the gateway before accessing the Control UI. This creates a device identity tied to the browser’s secure context.
How device pairing works
- Browser requests access → generates a device identity (requires HTTPS or localhost)
- Gateway stores the request as “pending”
- Operator approves via CLI
- Browser is paired and can authenticate
Managing devices
# List all paired and pending devices
docker compose run --rm openclaw-cli devices list
# Approve a pending device
docker compose run --rm openclaw-cli devices approve <requestId>
# Revoke a device (if supported)
docker compose run --rm openclaw-cli devices listBreak-glass access
If you’re locked out and can’t pair (e.g., no HTTPS, no localhost):
# Generate a direct dashboard URL with token
docker compose run --rm openclaw-cli dashboard --no-openWarning: The following flags should only be used temporarily for debugging:
gateway.controlUi.allowInsecureAuth— allows token-only auth over HTTPgateway.controlUi.dangerouslyDisableDeviceAuth— disables device checks entirely
🌐 Layer 3: Network Security (Azure NSG)
Azure Network Security Groups (NSGs) are your perimeter defense.
Recommended NSG rules
| Priority | Name | Port | Source | Action |
|---|---|---|---|---|
| 1000 | AllowSSH | 22 | Your IP | Allow |
| 1001 | AllowOpenClaw | 18789-18790 | Your IP | Allow |
| 65000 | DenyAll | * | * | Deny |
Setting up via Azure CLI
# Allow SSH from your IP only
az network nsg rule create \
--resource-group rg-openclaw \
--nsg-name vm-openclaw-01NSG \
--name AllowSSH \
--priority 1000 \
--destination-port-ranges 22 \
--source-address-prefixes "<YOUR_IP>" \
--protocol Tcp --access Allow
# Allow OpenClaw from your IP only (skip if using SSH tunnel)
az network nsg rule create \
--resource-group rg-openclaw \
--nsg-name vm-openclaw-01NSG \
--name AllowOpenClaw \
--priority 1001 \
--destination-port-ranges 18789 18790 \
--source-address-prefixes "<YOUR_IP>" \
--protocol Tcp --access AllowIf using SSH tunnel only
You don’t need the OpenClaw NSG rule at all — just allow SSH:
OPENCLAW_GATEWAY_BIND=loopback # in .env🔒 Layer 4: CORS Origin Enforcement
When the gateway binds to non-loopback, OpenClaw enforces browser origin checks.
Explicit origins (recommended)
docker compose run --rm openclaw-cli config set \
gateway.controlUi.allowedOrigins \
'["https://openclaw.yourdomain.com"]'Dangerous flags to avoid in production
| Flag | Risk Level | What it does |
|---|---|---|
dangerouslyAllowHostHeaderOriginFallback | High | Trusts Host header for origin checks |
dangerouslyDisableDeviceAuth | Critical | Disables device identity checks entirely |
allowInsecureAuth | Medium | Allows token-only auth without device pairing |
🔏 Layer 5: HTTPS with Tailscale (Optional but Recommended)
For production deployments with remote access, HTTPS is the gold standard. Tailscale Serve is the easiest way to add HTTPS to OpenClaw:
Install Tailscale on the VM
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale upExpose OpenClaw via Tailscale Serve
sudo tailscale serve https / http://127.0.0.1:18789Now access the Control UI at:
https://<your-machine-name>.<your-tailnet>.ts.net/Benefits:
- Automatic HTTPS certificates
- No public ports needed
- Device authentication works properly (secure context)
- Access from any Tailscale-connected device
🔍 Layer 6: Built-in Security Audit
OpenClaw includes a security audit command that checks your configuration:
docker compose run --rm openclaw-cli security auditThis command checks for:
| Check | Severity | What it flags |
|---|---|---|
| Missing allowed origins | Critical | Non-loopback UI without origin allowlist |
| Host-header fallback enabled | Warning/Critical | DNS rebinding risk |
| Insecure auth enabled | Warning | Token-only auth without device pairing |
| Device auth disabled | Critical | No device identity checks |
| Missing gateway auth | Warning | No token/password on gateway |
| Loopback without auth | Info | Localhost-only but no token |
Example audit output
The audit will report findings with severity levels and remediation suggestions. Address all critical findings before going to production.
📋 Security Checklist
Before running OpenClaw in production on Azure:
- Gateway token is strong (32+ hex chars) and stored securely
-
.envfile has restricted permissions (chmod 600 .env) - NSG rules restrict access to your IP(s) only
- Bind mode is
loopback(SSH tunnel) orlanwith explicitallowedOrigins - No
dangerous*flags enabled in production - Device pairing is active (not disabled)
-
security auditreports no critical findings - Bot tokens (Discord, etc.) are valid and not exposed
- HTTPS via Tailscale Serve or reverse proxy (for remote access)
- Regular token rotation schedule established
⏭️ Next Steps
Now let’s look at common deployment issues: Troubleshooting OpenClaw Docker Deployments.
📌 Need expert help with this topic?
Luca Berton
AI & Cloud Advisor with 18+ years experience. Author of 8 technical books, creator of Ansible Pilot. Speaker at KubeCon EU & Red Hat Summit 2026.
Related Articles
Accessing the OpenClaw Control UI Dashboard on Azure
How to access the OpenClaw Control UI dashboard from an Azure VM — via SSH tunnel (secure) or public IP. Covers device pairing, dashboard authentication, and the browser-based management interface.
Building a Persistent AI Agent Memory System with OpenClaw
End-to-end guide to building a complete persistent memory system for your OpenClaw AI agent. Combine memory flush, hybrid search, file-backed notes, SQLite indexing, and session hooks into a cohesive knowledge architecture.