Migrate Local OpenClaw to Clawctl | Complete Migration Guide

Migrate from Self-Hosted OpenClaw to Clawctl

You've been running OpenClaw on your own infrastructure. Now you want enterprise-grade security without rebuilding everything.

Good news: Clawctl provides a one-command migration that imports your existing configuration. No forks, no rewrites, no learning curve.

Pre-Migration Checklist

Before you start, make sure you have:

• OpenClaw running locally — we'll read your config from ~/.openclaw/openclaw.json
• Backup your config — cp -r ~/.openclaw ~/.openclaw.backup
• Note your channel configs — WhatsApp, Telegram, etc. will need re-authentication
• LLM API keys ready — Anthropic and/or OpenAI keys

What Gets Migrated

Step 1: Install CLI and Sign Up

# Install the Clawctl CLI
curl -fsSL https://clawctl.com/install.sh | bash

# Log in or create account
clawctl login

This opens your browser for account creation. Choose a plan:

Step 2: Scan Your Local Installation

Before importing, scan your local OpenClaw to see what can be migrated:

clawctl migrate scan

You'll see output like:

✓ Found config at: ~/.openclaw/openclaw.json

LLM API Keys
────────────────────────────────────────
  ✓ Anthropic API key found (sk-ant-...1234)
  ✓ OpenAI API key found (sk-...5678)

Agent Configuration
────────────────────────────────────────
  ✓ Model: anthropic/claude-opus-4-5
  ✓ Sandbox mode: all

Channels Detected
────────────────────────────────────────
  ○ whatsapp (requires re-authentication)
  ○ telegram (requires re-authentication)

Workspace
────────────────────────────────────────
  ✓ Workspace found at: ~/clawd
    └─ AGENTS.md
    └─ skills/

Step 3: Import Configuration

Import your configuration to Clawctl with one command:

clawctl migrate import

The CLI will:

1. Read your ~/.openclaw/openclaw.json
2. Extract LLM API keys and sandbox configuration
3. Encrypt and upload them to your Clawctl tenant
4. Show you next steps for manual items

Custom config path? Use the --config flag:

clawctl migrate import --config /path/to/openclaw.json

Step 4: Transfer Workspace Files

Your workspace files (skills, AGENTS.md, SOUL.md) need manual transfer. Once your Clawctl tenant is provisioned, sync them:

# Get your tenant workspace path from the dashboard
# Then rsync your local workspace
rsync -av ~/clawd/ your-tenant@ssh.clawctl.com:~/clawd/

Or use the Clawctl dashboard to upload files directly.

Step 5: Re-Authenticate Channels

Channel credentials can't be automatically migrated for security reasons. You'll need to re-authenticate each channel:

WhatsApp

1. Open your Clawctl tenant dashboard
2. Navigate to Channels → WhatsApp
3. Scan the QR code with your WhatsApp Business app
4. Wait for pairing confirmation

Telegram

1. Copy your Telegram bot token from ~/.openclaw/openclaw.json
2. In your Clawctl dashboard, navigate to Channels → Telegram
3. Paste your bot token
4. Update your webhook URL (see Step 6)

Discord / Slack

1. Update your bot configuration in Discord/Slack developer portal
2. Point webhooks to your new Clawctl URL
3. Re-authorize the bot in your workspace

Step 6: Update Webhook URLs

All external services pointing to your local OpenClaw need to point to Clawctl:

Before: http://localhost:18789 or http://your-server:18789

After: https://your-id.tenant.clawctl.com

Update webhooks in:

• Telegram Bot Settings
• Discord Developer Portal
• Slack App Settings
• GitHub Webhooks
• Any other integrations

Step 7: Verify Migration

Check your migration status:

clawctl migrate status

You'll see a checklist showing what's complete and what still needs attention:

Migration Status
────────────────────────────────────────
  Tenant:  abc123-def456
  FQDN:    your-id.tenant.clawctl.com
  Plan:    starter

  Progress: ████████████░░░░░░░░ 60%

Migration Checklist
────────────────────────────────────────
  ✓ LLM API Keys
    Both Anthropic and OpenAI keys configured
  ✓ Security Policies
    Using default security policies
  → Workspace Files
    Transfer skills and AGENTS.md to your Clawctl workspace
  → Channel Authentication
    Re-authenticate WhatsApp, Telegram, etc. via the OpenClaw dashboard
  → Webhook URLs
    Update webhooks to point to: https://your-id.tenant.clawctl.com

What You Gain

Security (Automatic)

• Gateway authentication — 256-bit token auth on all connections
• Sandboxed execution — configurable isolation modes
• Network egress controls — allowlist external domains
• Encrypted secrets — AES-256-GCM encryption at rest

Visibility (Included)

• Full audit trail — every action logged with timestamps
• Searchable history — find any action by type, time, or content
• Compliance exports — SOC 2 evidence packs on Business+
• Real-time monitoring — see what your agent is doing now

Control (Your Choice)

• Human-in-the-loop — approve high-risk actions before execution
• Custom policies — define exactly what your agent can do
• Kill switch — stop runaway agents instantly via CLI or dashboard

Troubleshooting

"No OpenClaw configuration found"

Make sure your config is at ~/.openclaw/openclaw.json. If it's elsewhere:

export MOLTBOT_CONFIG=/path/to/openclaw.json
clawctl migrate scan

"API key format invalid"

Clawctl validates key formats:

• Anthropic keys must start with sk-ant-
• OpenAI keys must start with sk-

Check your keys in your local config and try again.

"Import failed"

1. Make sure you're logged in: clawctl login
2. Check your subscription is active: clawctl status
3. Try running clawctl migrate scan to verify your config is readable

Channels not connecting

1. Verify your tenant URL is correct
2. Check webhook URLs are updated to your Clawctl FQDN
3. Re-authenticate the channel in your Clawctl dashboard
4. Check logs: clawctl audit list --type channel

Need Help?

• Documentation: https://docs.clawctl.com
• Migration Support: migration@mg.clawctl.com
• Discord Community: https://discord.gg/clawctl

---

Ready to migrate? Get started in 60 seconds or schedule a migration call.