OneCLI Hides Your API Keys From the Agents That Need Them
Here is the problem. You hand your AI agent a bunch of API keys so it can call services. The agent reads them, logs them, sometimes pastes them back to you in chat, sometimes ships them in error reports to a vendor. By the time you notice, your Stripe key has been forked into three contexts you cannot audit.
OneCLI fixes this the only way it can be fixed. The agent never sees the key. You store the credential once in OneCLI's encrypted vault. The CLI runs a Rust gateway on port 10255. When your agent makes an HTTP call, the gateway intercepts it and injects the real credential at request time. The agent's memory only ever holds a placeholder. AES-256-GCM at rest, decrypt only at the moment of use.
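The request-time injection described above, as an added sketch in Python (this is not OneCLI's code, which is a Rust gateway). The `{{secret:NAME}}` placeholder syntax, the vault layout, the per-host binding and the response redaction are assumptions of this example, not documented OneCLI behaviour.

```python
import re

# Constructed sample vault: placeholder name -> (real secret, only host it may go to).
# A real vault would hold these encrypted at rest and decrypt per request.
VAULT = {
    "STRIPE_KEY": ("CONSTRUCTED-SECRET-0000", "api.stripe.com"),
}

# Hypothetical placeholder syntax the agent is given instead of the key.
PLACEHOLDER = re.compile(r"\{\{secret:([A-Z0-9_]+)\}\}")


class InjectionRefused(Exception):
    """Raised when the gateway will not attach a credential to a request."""


def inject(host, headers, vault=VAULT):
    """Return a copy of the agent's headers with placeholders swapped for secrets.

    The swap is refused when the placeholder is unknown or when the request
    targets a host other than the one the credential is bound to, so a
    placeholder cannot be used to send the key to an arbitrary destination.
    """
    target = host.lower().rstrip(".")

    def swap(match):
        name = match.group(1)
        if name not in vault:
            raise InjectionRefused(f"unknown placeholder {name}")
        secret, bound_host = vault[name]
        if target != bound_host:
            raise InjectionRefused(f"{name} is not allowed for host {host}")
        return secret

    # Build a new dict: the agent-side headers keep holding only the placeholder.
    return {k: PLACEHOLDER.sub(swap, v) for k, v in headers.items()}


def redact(text, vault=VAULT):
    """Replace any real secret echoed by the upstream service with its placeholder
    before the response body is handed back to the agent."""
    for name, (secret, _host) in vault.items():
        text = text.replace(secret, "{{secret:%s}}" % name)
    return text
```
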
Repo gained roughly 1900 stars yesterday and is sitting around 2000 total with 44 releases, a quiet project that just hit the moment when everyone realized they needed it. Bitwarden vault integration if you already have one. Two auth modes: single-user local, or Google OAuth for teams with scoped tokens per agent. Next.js dashboard on port 10254 for inspection. Apache-2.0.
This is the seventh credential or sandbox primitive to ship in three weeks: Capsule, OpenClaw CLI sanctioning, GoModel, CrabTrap, Loomal, Agent Vault, now OneCLI. The pattern is clear. The first generation of agent products assumed the agent was trusted; the second generation is being built on the assumption that the agent will leak everything you give it. OneCLI is the simplest expression of that assumption so far.
Repo: https://github.com/onecli/onecli