Security Model

How DeepLayer secures your OpenClaw instances.

Isolation

Each customer's OpenClaw instance runs in its own isolated container with:

Dedicated persistent storage volume
Private network namespace
Per-instance secrets and credentials
No cross-customer filesystem access

Network security

All traffic is encrypted via TLS at the edge proxy
OpenClaw instances are not directly exposed to the internet
Connections route through our managed proxy layer with IP filtering
OpenClaw runs in trusted-proxy auth mode, trusting only our proxy network

Authentication

Instance access is controlled through:

Auth tokens — generated per instance for API access
Admin passwords — for OpenClaw admin operations
Client portal login — email/password authentication for the web dashboard

Best practices

Rotate credentials periodically using the Reset Credentials feature
Use the principle of least privilege when sharing instance access
Monitor your instance activity through the client portal