fix(bootstrap): drop leading slash from Secrets Manager names (closes #62)#63
Merged
Merged
Conversation
added 2 commits
May 13, 2026 11:01
…62) OpenClaw's exec secret reference (exec:aws-sm:<name>) requires the secret name to start with an alphanumeric character per its regex: /^[A-Za-z0-9][A-Za-z0-9._:/-]{0,255}$/ The previous docs instructed users to create '/faststart/telegram-bot-token', which AWS Secrets Manager accepts but causes the openclaw gateway to fail startup with SECRETS_RELOADER_DEGRADED. Changes: - BOOTSTRAP-TELEGRAM.md: rename secret to 'faststart/telegram-bot-token' in all 7 references, plus add an explanatory note on the constraint - BOOTSTRAP-PIPELINE-NOTIFICATIONS.md: same rename for telegram-bot-token and github-token references - BOOTSTRAP-CODING-GUIDELINES.md: update naming convention to clarify Secrets Manager (no leading slash) vs SSM Parameter Store (leading slash is fine) — these have different rules Reported by @maxberta-ait.
Same constraint as #62 — Secrets Manager names used as exec secret references must start with an alphanumeric character. Updating the install.sh help text so the example doesn't propagate the broken pattern.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Reported in #62 by @maxberta-ait.
bootstraps/telegram/BOOTSTRAP-TELEGRAM.mdinstructs users to create the bot-token secret as:```
aws secretsmanager create-secret --name /faststart/telegram-bot-token ...
```
AWS accepts the leading
/, but OpenClaw's gateway rejects it on startup:```
[secrets] [SECRETS_RELOADER_DEGRADED] Error: Exec secret reference id must
match /^[A-Za-z0-9][A-Za-z0-9._:/-]{0,255}$/ ... (ref: exec:aws-sm:/faststart/telegram-bot-token).
Gateway failed to start: required secrets are unavailable.
```
The first character must be alphanumeric — slashes are allowed inside the name as separators, just not at the start.
Fix
faststart/telegram-bot-tokenin all 7 references; add an explanatory note next to thecreate-secretcommand so future readers know why.telegram-bot-tokenandgithub-token(consistency; same constraint applies).Verification
```
$ grep -rn "/faststart/telegram-bot-token|name /faststart" bootstraps/
(no matches)
```
Closes #62.