Switching providers & rotating keys

Update or replace your provider key from Beach Settings — changes take effect immediately.

What this is

Your AI provider key lives in Beach Settings. You can update it, replace it, or switch to a different provider entirely at any time — Beach handles storing the key, OpenClaw handles using it for replies. Updates take effect on your agent's next message, with no restart and no downtime.

Where to do it

  1. Open Beach Settings.
  2. Find the AI Provider section.
  3. Pick the provider you want (Anthropic, OpenAI, Gemini, or OpenRouter).
  4. Paste the key.
  5. Save.

That's it. The next time your agent sends a message, it uses the new key.

How key storage works

Your key is encrypted at rest in a vault that only your own server can read. Nobody else's instance — and nobody at Beach — sees the raw key in normal operation. When you save a new key, the old one is overwritten in storage.

For more on how Beach handles secrets in general, see How your API keys are stored.

Switching providers

Switching providers is the same flow as rotating a key:

  1. Go grab a key from the new provider (see Choosing a provider for guides on each one).
  2. In Beach Settings → AI Provider, choose the new provider and paste the new key.
  3. Save.

Your agent uses the new provider starting with its next reply. Nothing else needs to change — your conversations, memory, channels, and skills all keep working.

Rotating a key (same provider)

Sometimes you just want to replace a key without changing providers — a key got leaked, you're cleaning up old keys, or your key was revoked.

  1. Generate a new key in your provider's dashboard.
  2. Paste it into Beach Settings (same provider, new key).
  3. Save.
  4. (Optional) Delete the old key in your provider's dashboard.

Common pitfalls

  • Whitespace when pasting. A trailing space or newline will make the key fail. Double-check before saving.
  • Old key revoked before the new one is in. If you delete the old key on the provider's side before pasting a new one into Beach, your agent goes silent in between. Paste the new key first, then revoke the old one.
  • Provider revoked the key on you. If a provider detects a leaked or unusual key, they can revoke it without warning. Symptoms: "invalid API key" errors. Generate a fresh key and paste it in.

Related