
[Feature]: Platform-native secret storage (Keychain, secret-service) for API keys #613

@SWSAmor

Description


Coming from OpenClaw, security was my #1 reason to switch. The "AES-256-GCM credential vault" in the README caught my eye.

Then I opened the Getting Started guide: `export ANTHROPIC_API_KEY=sk-ant-...`

Env vars are visible in `ps eww`, inherited by child processes (including WASM sandboxes, MCP servers, and `shell_exec`), and leak into logs and crash dumps. The `config.toml` alternative (`api_key = "your-key"`) is literal plaintext on disk. Neither is meaningfully more secure than OpenClaw's `secrets.json`.

The AES-256-GCM vault in openfang-extensions only covers MCP OAuth2 credentials — not LLM API keys, not Telegram bot tokens, not the secrets that actually get stolen.

Proposal:

  1. macOS: read secrets from Keychain via the `security` CLI (2 lines of code, hardware-backed on Apple Silicon)
  2. Linux: secret-service D-Bus API
  3. Fallback: extend the existing AES-256-GCM vault to all secrets + add an `openfang vault` CLI subcommand
  4. Config references secrets by name: `api_key_ref = "vault:anthropic_api_key"`

This would make OpenFang the only agent framework with real platform-native credential storage. That's a genuine security differentiator — not just a line in a feature matrix.

API key leakage was my biggest problem with OpenClaw. Right now, OpenFang doesn't solve it. Would love to see this change. Great project otherwise — the Hands architecture is brilliant.

Alternatives Considered

No response

Additional Context

No response
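As an added example (not code from this issue or from the OpenFang project), here is a sketch of the resolver that proposal item 4 implies, written in Rust, which is assumed here to match the project's language. It parses `api_key_ref`-style references, dispatches `keychain:` to the macOS `security` CLI, `secret-service:` to `secret-tool` (libsecret), and `vault:` to a stand-in backend, and wraps the result in a type whose Debug output is redacted so a key cannot reach a log line or crash dump by accident. The `openfang` service label, the scheme names and the `MemoryBackend` stand-in for the AES-256-GCM vault are assumptions; the sample key is constructed.

```rust
use std::collections::HashMap;
use std::fmt;
use std::process::Command;

/// A resolved secret. Debug is deliberately redacted so the value cannot
/// be printed by `{:?}` in a log line, panic message or crash dump.
pub struct Secret(String);

impl Secret {
    /// Explicit accessor: every use of the raw value is visible in code review.
    pub fn expose(&self) -> &str {
        &self.0
    }
}

impl fmt::Debug for Secret {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("Secret([REDACTED])")
    }
}

/// A parsed `<scheme>:<name>` reference such as `vault:anthropic_api_key`.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct SecretRef {
    pub scheme: String,
    pub name: String,
}

/// Parse a config value into a reference. A bare literal like `sk-ant-...` is
/// rejected, and error messages never echo the value, since it may be a key.
pub fn parse_secret_ref(value: &str) -> Result<SecretRef, String> {
    let (scheme, name) = value
        .split_once(':')
        .ok_or_else(|| "not a secret reference (expected scheme:name)".to_string())?;
    let name_ok = !name.is_empty()
        && name.chars().all(|c| c.is_ascii_alphanumeric() || matches!(c, '_' | '-' | '.'));
    if scheme.is_empty() || !name_ok {
        return Err("malformed secret reference".to_string());
    }
    Ok(SecretRef { scheme: scheme.to_string(), name: name.to_string() })
}

pub trait SecretBackend {
    /// Ok(None) means "no such item"; Err means the store itself failed.
    fn lookup(&self, name: &str) -> Result<Option<Secret>, String>;
}

fn stdout_secret(stdout: &[u8]) -> Secret {
    Secret(String::from_utf8_lossy(stdout).trim_end().to_string())
}

/// macOS Keychain: `security find-generic-password -s <service> -a <name> -w`.
pub struct KeychainBackend { pub service: String }

impl SecretBackend for KeychainBackend {
    fn lookup(&self, name: &str) -> Result<Option<Secret>, String> {
        let out = Command::new("security")
            .args(["find-generic-password", "-s", self.service.as_str(), "-a", name, "-w"])
            .output()
            .map_err(|e| format!("cannot run security CLI: {}", e))?;
        // A missing item exits non-zero; that is "not found", not a store failure.
        if !out.status.success() { return Ok(None); }
        Ok(Some(stdout_secret(&out.stdout)))
    }
}

/// Linux secret-service (libsecret): `secret-tool lookup service <service> account <name>`.
pub struct SecretServiceBackend { pub service: String }

impl SecretBackend for SecretServiceBackend {
    fn lookup(&self, name: &str) -> Result<Option<Secret>, String> {
        let out = Command::new("secret-tool")
            .args(["lookup", "service", self.service.as_str(), "account", name])
            .output()
            .map_err(|e| format!("cannot run secret-tool: {}", e))?;
        if !out.status.success() || out.stdout.is_empty() { return Ok(None); }
        Ok(Some(stdout_secret(&out.stdout)))
    }
}

/// In-memory stand-in (assumption) for the proposed AES-256-GCM vault fallback,
/// so the resolver can be exercised without a platform keychain present.
pub struct MemoryBackend(pub HashMap<String, String>);

impl SecretBackend for MemoryBackend {
    fn lookup(&self, name: &str) -> Result<Option<Secret>, String> {
        Ok(self.0.get(name).map(|v| Secret(v.clone())))
    }
}

/// Maps reference schemes (`keychain`, `secret-service`, `vault`) to backends.
#[derive(Default)]
pub struct Resolver { backends: HashMap<String, Box<dyn SecretBackend>> }

impl Resolver {
    pub fn with_backend(mut self, scheme: &str, backend: Box<dyn SecretBackend>) -> Self {
        self.backends.insert(scheme.to_string(), backend);
        self
    }

    /// Resolve a config value such as `vault:anthropic_api_key` to its secret.
    pub fn resolve(&self, config_value: &str) -> Result<Secret, String> {
        let r = parse_secret_ref(config_value)?;
        let backend = self.backends.get(&r.scheme)
            .ok_or_else(|| format!("no backend registered for scheme {:?}", r.scheme))?;
        backend.lookup(&r.name)?
            .ok_or_else(|| format!("secret {:?} not found in {}", r.name, r.scheme))
    }
}

/// Wire the platform store for the current OS, with the vault as fallback.
pub fn platform_resolver(vault: Box<dyn SecretBackend>) -> Resolver {
    let r = Resolver::default().with_backend("vault", vault);
    if cfg!(target_os = "macos") {
        r.with_backend("keychain", Box::new(KeychainBackend { service: "openfang".into() }))
    } else if cfg!(target_os = "linux") {
        r.with_backend("secret-service", Box::new(SecretServiceBackend { service: "openfang".into() }))
    } else {
        r
    }
}

fn main() {
    // Constructed sample: the vault holds one key under the name the config refers to.
    let mut items = HashMap::new();
    items.insert("anthropic_api_key".to_string(), "constructed-sample-key".to_string());
    let resolver = platform_resolver(Box::new(MemoryBackend(items)));
    let key = resolver.resolve("vault:anthropic_api_key").expect("resolve");
    println!("resolved: {:?}", key); // prints Secret([REDACTED]), never the key
}
```

The config file holds only the reference, so nothing in `config.toml` is worth stealing; the process obtains the key from the platform store at startup, and because `Secret` only yields the raw value through `expose()`, a log statement that formats the struct prints the redacted marker instead of the key.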

Labels

enhancement (New feature or request)