Bitwarden Agent Access SDK integrates with OneCLI for secure credential injection

What this is
Bitwarden has launched an Agent Access SDK that allows AI agents to request credentials from Bitwarden's vault through a human approval workflow. OneCLI is an open-source gateway that implements this SDK by sitting between agents and external APIs, injecting credentials into requests at the network layer.
How it works
Instead of agents fetching and storing API keys in memory (where they're extractable, loggable, and vulnerable to prompt injection), this approach keeps credentials encrypted in Bitwarden's vault until explicitly approved. When an agent needs a credential, it requests access through Bitwarden's SDK, the user approves via Bitwarden CLI, and OneCLI injects the credential into outgoing API requests without the agent ever seeing the raw value.
Key features and configuration
OneCLI proxies every API call the agent makes and handles policy enforcement. The source provides these configuration examples:
# Configure Bitwarden as credential source
onecli provider add bitwarden \
  --vault-url "https://vault.bitwarden.com"

# Rate-limit API calls per service
onecli rules create \
  --name "Stripe rate limit" \
  --host-pattern "api.stripe.com" \
  --action rate_limit \
  --rate-limit 10 \
  --rate-window 1h
Bitwarden adds a mature approval workflow backed by enterprise key management. When a user approves a credential request, OneCLI handles the injection and policy enforcement on every subsequent API call.
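A simplified model of the flow described above, added here as an illustration and not taken from OneCLI or Bitwarden: a gateway that refuses unapproved hosts, enforces the 10-per-hour rule from the example, discards any agent-supplied Authorization header and injects the approved secret itself. The class, its method names, the Bearer scheme and the sample secret are assumptions.

```python
import fnmatch
import time
from collections import defaultdict, deque

class InjectingGateway:
    """Toy model of a credential-injecting proxy. Hypothetical; not OneCLI code."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.approved = {}              # host -> secret, filled only after approval
        self.rules = []                 # (host_pattern, limit, window_seconds)
        self.hits = defaultdict(deque)  # host_pattern -> times of forwarded calls
        self.audit = []                 # (time, host, decision); never the secret

    def approve(self, host, secret):
        # Stands in for the human approval step releasing a vault item.
        self.approved[host] = secret

    def add_rate_limit(self, host_pattern, limit, window_seconds):
        self.rules.append((host_pattern, limit, window_seconds))

    def forward(self, host, headers):
        """Return (decision, upstream_headers); the agent only learns the decision."""
        now = self.clock()
        if host not in self.approved:
            return self._log(now, host, "deny:not_approved"), None
        matching = [r for r in self.rules if fnmatch.fnmatch(host, r[0])]
        for pattern, limit, window in matching:
            q = self.hits[pattern]
            while q and now - q[0] >= window:
                q.popleft()             # expire calls outside the sliding window
            if len(q) >= limit:
                return self._log(now, host, "deny:rate_limited"), None
        for pattern, _, _ in matching:
            self.hits[pattern].append(now)
        # Discard any Authorization header the agent sent; only the gateway sets it.
        out = {k: v for k, v in headers.items() if k.lower() != "authorization"}
        out["Authorization"] = "Bearer " + self.approved[host]  # assumed auth scheme
        return self._log(now, host, "allow"), out

    def _log(self, now, host, decision):
        self.audit.append((now, host, decision))
        return decision

if __name__ == "__main__":
    gw = InjectingGateway()
    gw.add_rate_limit("api.stripe.com", 10, 3600)  # mirrors the rule shown above
    gw.approve("api.stripe.com", "CONSTRUCTED-SAMPLE-SECRET")  # constructed value
    print([gw.forward("api.stripe.com", {})[0] for _ in range(11)][-2:])
```

The second element returned by `forward` represents what the gateway sends upstream; in a real deployment it never travels back to the agent process.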
What users get
- Credentials stay in Bitwarden's encrypted vault until explicitly approved by a human
- OneCLI proxies every API call the agent makes, injecting credentials at the network layer
- Rate limiting and policy enforcement apply to every proxied request
- Audit trail covers both approval (Bitwarden side) and usage (OneCLI side)
- Works with any agent framework that makes HTTP calls to external services
Availability
Both projects are open source. Bitwarden's Agent Access SDK is at github.com/bitwarden/agent-access and OneCLI is at github.com/onecli/onecli. The integration is currently in alpha.
📖 Read the full source: HN AI Agents