OneCLI: Open-Source Credential Vault for AI Agents

What OneCLI Solves
AI agents are frequently given raw API keys for accessing external services, creating security risks. OneCLI addresses this by acting as a credential vault that sits between agents and the services they call. Instead of baking API keys into every agent, you store credentials once in OneCLI's encrypted vault and give agents placeholder keys (like FAKE_KEY).
How It Works
When an agent makes an HTTP call through the OneCLI proxy, the gateway matches the request by host and path patterns, verifies the agent should have access, swaps the placeholder for the real credential, and forwards the request. The agent never touches the actual secret—it just uses CLI or MCP tools as normal.
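The match-and-swap step described above, as an added, simplified model written for this page (it is not OneCLI's own Rust gateway code): the grant table, the host/path pattern syntax, the agent names and the vault values are all constructed for the example, and the vault holds plaintext rather than AES-256-GCM ciphertext.

```rust
// Added, simplified model of the gateway decision described above; it is not OneCLI's code.
use std::collections::HashMap;
// Placeholder the agent is handed instead of a real key (name taken from the page).
const PLACEHOLDER: &str = "FAKE_KEY";
/// One grant: `agent` may have `secret_name` injected into requests whose host matches `host`
/// ("api.example.com" or "*.example.net") and whose path starts with `path_prefix` (syntax assumed here).
struct Rule { agent: &'static str, host: &'static str, path_prefix: &'static str, secret_name: &'static str }

/// Forward: placeholder swapped for the real credential. Deny: nothing injected, so the
/// upstream only ever sees the placeholder and the real key never leaves the vault.
#[derive(Debug, PartialEq)]
enum Decision { Forward(String), Deny(&'static str) }

fn host_matches(pattern: &str, host: &str) -> bool {
    match pattern.strip_prefix("*.") {
        // "*.example.net" matches "files.example.net" but not "example.net" or "evilexample.net".
        Some(apex) => host.strip_suffix(apex).map_or(false, |sub| sub.len() > 1 && sub.ends_with('.')),
        None => pattern == host,
    }
}

/// `auth_value` is the header value the agent sent, e.g. "Bearer FAKE_KEY".
fn decide(rules: &[Rule], vault: &HashMap<&str, &str>, agent: &str, host: &str, path: &str, auth_value: &str) -> Decision {
    if !auth_value.contains(PLACEHOLDER) {
        return Decision::Deny("no placeholder in request");
    }
    let grant = rules.iter().find(|r| r.agent == agent && host_matches(r.host, host) && path.starts_with(r.path_prefix));
    match grant.and_then(|r| vault.get(r.secret_name)) {
        // A real vault would decrypt here; this toy holds constructed plaintext values.
        Some(secret) => Decision::Forward(auth_value.replace(PLACEHOLDER, secret)),
        None => Decision::Deny("agent has no grant for this host/path"),
    }
}

// Constructed sample grants and vault contents.
fn demo_rules() -> Vec<Rule> {
    vec![
        Rule { agent: "agent-a", host: "api.example.com", path_prefix: "/v1/", secret_name: "example_com_key" },
        Rule { agent: "agent-b", host: "*.example.net", path_prefix: "/", secret_name: "example_net_key" },
    ]
}

fn demo_vault() -> HashMap<&'static str, &'static str> {
    HashMap::from([("example_com_key", "sk_constructed_com"), ("example_net_key", "sk_constructed_net")])
}

fn main() {
    let d = decide(&demo_rules(), &demo_vault(), "agent-a", "api.example.com", "/v1/items", "Bearer FAKE_KEY");
    println!("{:?}", d); // Forward("Bearer sk_constructed_com")
}
```

The interesting cases are the denials: an agent asking for a host another agent is scoped to, an apex or look-alike host against a wildcard, or a path outside the granted prefix all leave the request without a credential.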
Technical Architecture
- Rust Gateway: Fast HTTP gateway that intercepts outbound requests and injects credentials. Agents authenticate with access tokens via Proxy-Authorization headers.
- Web Dashboard: Next.js app for managing agents, secrets, and permissions (port 10254).
- Secret Store: AES-256-GCM encrypted credential storage. Secrets are decrypted only at request time.
- Embedded Database: Runs with embedded PGlite (PostgreSQL-compatible) or can use external PostgreSQL.
Quick Start
Run locally with Docker:
docker run --pull always -p 10254:10254 -p 10255:10255 -v onecli-data:/app/data ghcr.io/onecli/onecli
Then open http://localhost:10254, create an agent, add your secrets, and point your agent's HTTP gateway to localhost:10255.
Key Features
- Transparent credential injection: agents make normal HTTP calls
- Encrypted secret storage with AES-256-GCM encryption at rest
- Host and path pattern matching for routing secrets to specific API endpoints
- Multi-agent support with scoped permissions per agent
- No external dependencies in single-container mode
- Two auth modes: single-user (no login) for local use, or Google OAuth for teams
- Apache-2.0 licensed
Compatibility
Works with any agent framework (OpenClaw, NanoClaw, IronClaw, or anything that can set an HTTPS_PROXY). The project is structured with the Rust proxy on port 10255 and Next.js dashboard on port 10254.
📖 Read the full source: HN AI Agents
👀 See Also

AI-Built Apps Are Fragile: Why Small Changes Break Data Isolation and Permissions
Developers report that AI-generated apps (via Claude Code, Cursor) silently break login, permissions, and data isolation when small changes are made, because AI models lack understanding of original system intent like ownership rules.

Cloak tool replaces chat passwords with self-destructing links for OpenClaw agents
Cloak is an open source tool that replaces passwords shared in chat with OpenClaw agents with self-destructing links. Each link can only be opened once, then the password disappears, preventing passwords from accumulating in chat histories.

Secure Administrator Approval Flow for Group-Chat Assistants Against Prompt Injection
A practical approach to securing LLM assistants in shared group chats: pausing VM, OAuth, and code execution tools until an admin approves via a timed link.

Clawndom: A Security Hook for Claude Code to Block Vulnerable npm Packages
A developer built Clawndom, an open-source hook for Claude Code that checks npm packages against the OSV.dev vulnerability database before installation, blocking known vulnerable packages while maintaining agent autonomy.