Migrate from Self-Hosted OpenClaw to Clawctl
You've been running OpenClaw on your own infrastructure. Now you want enterprise-grade security without rebuilding everything.
Good news: Clawctl makes migration straightforward. Sign up, enter your existing config in the dashboard, and you're running on secure infrastructure in minutes. No forks, no rewrites, no learning curve.
Pre-Migration Checklist
Before you start, gather these from your existing installation:
- LLM API keys — Open your
~/.openclaw/openclaw.jsonand copy your Anthropic and/or OpenAI keys - Backup your config —
cp -r ~/.openclaw ~/.openclaw.backup - Note your channel configs — WhatsApp, Telegram, etc. will need re-authentication
- Workspace files — Locate your skills, AGENTS.md, SOUL.md
What Gets Migrated
| Data | How | Effort |
|---|---|---|
| LLM API Keys | Enter in dashboard setup wizard | 30 seconds |
| Sandbox Config | Applied automatically by Clawctl | None |
| Security Policies | Default secure policies applied | None |
| Workspace Files | Upload via dashboard | Manual |
| Channel Auth | Re-authenticate in dashboard | Manual |
| Webhook URLs | Update endpoints | Manual |
Step 1: Sign Up for Clawctl
Head to clawctl.com/checkout and pick a plan:
| Plan | Price | Best For |
|---|---|---|
| Starter | $49/mo | Individual developers |
| Team | $299/mo | Teams with approval workflows |
| Business | $999/mo | Production systems, compliance |
Complete payment via Stripe. Your secure environment is provisioned automatically in under 60 seconds.
Step 2: Configure Your LLM Provider
The dashboard setup wizard walks you through it:
- Select your LLM provider — Anthropic, OpenAI, or others
- Paste your API key from your existing
~/.openclaw/openclaw.json - Clawctl validates the connection in real time
- Done — Your key is encrypted (AES-256-GCM) and injected at runtime
Clawctl validates key formats automatically:
- Anthropic keys must start with
sk-ant- - OpenAI keys must start with
sk-
Step 3: Transfer Workspace Files
Your workspace files (skills, AGENTS.md, SOUL.md) need manual transfer. Use the Clawctl dashboard to upload files directly to your tenant workspace.
Step 4: Re-Authenticate Channels
Channel credentials can't be automatically transferred for security reasons. Re-authenticate each channel in the dashboard:
- Open your Clawctl dashboard
- Navigate to Channels > WhatsApp
- Scan the QR code with your WhatsApp Business app
- Wait for pairing confirmation
Telegram
- Copy your Telegram bot token from
~/.openclaw/openclaw.json - In your Clawctl dashboard, navigate to Channels > Telegram
- Paste your bot token
- Update your webhook URL (see Step 5)
Discord / Slack
- Update your bot configuration in Discord/Slack developer portal
- Point webhooks to your new Clawctl URL
- Re-authorize the bot in your workspace
Step 5: Update Webhook URLs
All external services pointing to your local OpenClaw need to point to Clawctl:
Before: http://localhost:18789 or http://your-server:18789
After: https://your-id.tenant.clawctl.com
Your tenant URL is visible in the dashboard under Credentials. Update webhooks in:
- Telegram Bot Settings
- Discord Developer Portal
- Slack App Settings
- GitHub Webhooks
- Any other integrations
Step 6: Verify in the Dashboard
Open your Clawctl dashboard and confirm:
- Agent status shows "Running"
- LLM provider is connected and validated
- Channels show as active
- Audit logs are capturing events
Test your agent by sending a message through your connected channel or the built-in web chat.
What You Gain
Security (Automatic)
- Gateway authentication — 256-bit token auth on all connections
- Sandboxed execution — configurable isolation modes
- Network egress controls — allowlist external domains
- Encrypted secrets — AES-256-GCM encryption at rest
Visibility (Included)
- Full audit trail — every action logged with timestamps
- Searchable history — find any action by type, time, or content
- Compliance exports — SOC 2 evidence packs on Business+
- Real-time monitoring — see what your agent is doing now
Control (Your Choice)
- Human-in-the-loop — approve high-risk actions before execution
- Custom policies — define exactly what your agent can do
- Kill switch — stop runaway agents instantly from the dashboard
Troubleshooting
"API key format invalid"
Clawctl validates key formats in the dashboard:
- Anthropic keys must start with
sk-ant- - OpenAI keys must start with
sk-
Check your keys in your local ~/.openclaw/openclaw.json and try again.
Channels not connecting
- Verify your tenant URL is correct (check Credentials in the dashboard)
- Check webhook URLs are updated to your Clawctl FQDN
- Re-authenticate the channel in your Clawctl dashboard
- Check the audit logs in the dashboard for channel-related events
Need Help?
- Documentation: https://clawctl.com/docs
- Migration Support: migration@mg.clawctl.com
Ready to migrate? Get started in 60 seconds or schedule a migration call.