Safe handling for Binance and model provider credentials.
DragonClaw may use two credential classes:
LLM provider keys
Binance trading keys
Enable only Read and Spot Trading
Never enable Withdraw
Restrict the key to your server IP
Start on testnet first
Revoke the key immediately if you suspect compromise
Keep provider keys server-side only
Avoid embedding them in browser clients
Use different keys for dev and prod
Rotate keys when staff or infra changes
DragonClaw is built to keep secrets encrypted at rest.
Even with that protection, you should still treat the host as sensitive infrastructure.
Last updated 2 hours ago
