**OneCLI** is an open-source credential vault that acts as a secure gateway between AI agents and the services they call. Instead of embedding API keys in agent prompts or configuration files, developers store credentials once in OneCLI and the gateway injects them transparently at runtime. Agents make ordinary HTTP calls through the gateway at localhost:10255; the gateway matches each request to the right credential by host and path, decrypts it with AES-256-GCM, and injects it as a header or query parameter. The agent never holds the real secret, so a logged prompt, a leaked transcript, or a prompt-injection attack cannot exfiltrate a key the agent never had. Note the limit of that guarantee: the gateway cannot stop an agent from *using* a credential it is allowed to reach, which is why per-agent scoping (covered below) matters as much as encryption.

Built with a **Rust gateway** for speed and a **Next.js web dashboard** for management, OneCLI supports host- and path-based secret routing, multi-agent token scoping, Bitwarden and 1Password vault integrations, and both single-user and Google OAuth multi-user modes. Getting started is a single command: curl -fsSL https://onecli.sh/install | sh (as with any pipe-to-shell installer, fetch the script and read it first if you need to audit what it does on your machine).

## Core Technical Highlights

- **Rust Gateway** — The credential injection engine is written in Rust for memory safety and performance. It intercepts HTTP traffic at the proxy layer and handles HTTPS by terminating TLS itself (MITM), which means the agent's HTTP client must trust the gateway's local certificate authority; install that trust only for the agent's environment rather than system-wide
- **AES-256-GCM Encrypted Storage** — All secrets are encrypted at rest and decrypted only at the moment of injection, so credentials never sit in plaintext on disk. As with any at-rest scheme, this is only as strong as the protection of the decryption key, so the host running the gateway is part of the trust boundary
- **Vault Provider Architecture** — OneCLI abstracts credential sources behind a VaultProvider trait. Native storage and Bitwarden are supported, with a 1Password Connect integration in progress, so existing password managers can be plugged in without changing how agents call the gateway
- **Scoped Multi-Agent Access Tokens** — Each agent gets its own access token with its own permissions, so you can limit which services an agent can call and audit access centrally. A token leaked from one agent then exposes only that agent's allowed services, not the whole vault
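The four highlights above describe one request pipeline: authorize the agent token, route by host and path, fetch the secret at the last moment, inject it as a header or a query parameter. The Rust below is an added example written for this article to make that pipeline concrete; it is not OneCLI's own code. The `VaultProvider` trait signature, the `SecretRule` and `AgentScope` shapes, the `inject` function and the `demo_gateway` configuration (including the fake secrets `ghp_example` and `AIza_example`) are all assumptions. Encryption is left out: `InMemoryVault` holds plaintext where the real gateway would decrypt AES-256-GCM ciphertext on demand.

```rust
use std::collections::HashMap;

/// Credential source abstraction (native store, Bitwarden, 1Password). OneCLI
/// has a VaultProvider trait; this exact signature is an assumption.
pub trait VaultProvider {
    fn get_secret(&self, name: &str) -> Option<String>;
}

/// Stand-in for the native store: plaintext in memory. The real gateway keeps
/// secrets AES-256-GCM encrypted at rest and decrypts only at injection time.
pub struct InMemoryVault(pub HashMap<String, String>);

impl VaultProvider for InMemoryVault {
    fn get_secret(&self, name: &str) -> Option<String> { self.0.get(name).cloned() }
}

/// How a matched secret enters the outbound request: a header built from a
/// template containing "{secret}", or a query parameter such as "key".
pub enum Injection {
    Header { name: String, template: String },
    Query { param: String },
}

/// Host + path-prefix rule mapping a request to a named secret.
pub struct SecretRule { pub host: String, pub path_prefix: String,
                        pub secret_name: String, pub inject: Injection }

/// Per-agent access token and the hosts that token may reach.
pub struct AgentScope { pub token: String, pub allowed_hosts: Vec<String> }

#[derive(Debug, PartialEq)]
pub enum GatewayError { UnknownToken, HostNotInScope, NoRule, SecretMissing }

/// The upstream request as the gateway would send it.
#[derive(Debug, PartialEq)]
pub struct OutboundRequest { pub url: String, pub headers: Vec<(String, String)> }

pub struct Gateway<V: VaultProvider> {
    pub vault: V, pub rules: Vec<SecretRule>, pub agents: Vec<AgentScope>,
}

impl<V: VaultProvider> Gateway<V> {
    /// Authorizes the agent token, routes by host and path, then injects the secret.
    pub fn inject(&self, token: &str, host: &str, path_and_query: &str)
        -> Result<OutboundRequest, GatewayError> {
        let scope = self.agents.iter().find(|a| a.token == token)
            .ok_or(GatewayError::UnknownToken)?;
        if !scope.allowed_hosts.iter().any(|h| h == host) {
            return Err(GatewayError::HostNotInScope);
        }
        let (path, query) = path_and_query.split_once('?').unwrap_or((path_and_query, ""));
        // Longest matching prefix wins, so "/v1/admin" can override "/v1".
        let rule = self.rules.iter()
            .filter(|r| r.host == host && path.starts_with(&r.path_prefix))
            .max_by_key(|r| r.path_prefix.len())
            .ok_or(GatewayError::NoRule)?;
        // The secret is fetched (in OneCLI: decrypted) only now, per request.
        let secret = self.vault.get_secret(&rule.secret_name).ok_or(GatewayError::SecretMissing)?;
        let mut headers = Vec::new();
        let mut params: Vec<String> =
            query.split('&').filter(|kv| !kv.is_empty()).map(str::to_string).collect();
        match &rule.inject {
            Injection::Header { name, template } => {
                headers.push((name.clone(), template.replace("{secret}", &secret)));
            }
            Injection::Query { param } => {
                // Drop any agent-supplied value for the same parameter so the agent
                // can neither shadow nor duplicate the injected key.
                params.retain(|kv| kv.split('=').next() != Some(param.as_str()));
                // Secrets are assumed URL-safe here; percent-encode in production.
                params.push(format!("{}={}", param, secret));
            }
        }
        let url = if params.is_empty() { format!("https://{}{}", host, path) }
                  else { format!("https://{}{}?{}", host, path, params.join("&")) };
        Ok(OutboundRequest { url, headers })
    }
}

fn s(v: &str) -> String { v.to_string() }

/// Constructed sample configuration: two fake secrets, two rules, two agents.
pub fn demo_gateway() -> Gateway<InMemoryVault> {
    let vault = InMemoryVault(HashMap::from([
        (s("github-token"), s("ghp_example")), (s("gemini-key"), s("AIza_example")),
    ]));
    let rules = vec![
        SecretRule { host: s("api.github.com"), path_prefix: s("/"), secret_name: s("github-token"),
            inject: Injection::Header { name: s("Authorization"), template: s("Bearer {secret}") } },
        SecretRule { host: s("generativelanguage.googleapis.com"), path_prefix: s("/v1beta"),
            secret_name: s("gemini-key"), inject: Injection::Query { param: s("key") } },
    ];
    let agents = vec![
        AgentScope { token: s("agent-a-token"), allowed_hosts: vec![s("api.github.com")] },
        AgentScope { token: s("agent-b-token"),
            allowed_hosts: vec![s("api.github.com"), s("generativelanguage.googleapis.com")] },
    ];
    Gateway { vault, rules, agents }
}

fn main() {
    let gw = demo_gateway();
    println!("{:?}", gw.inject("agent-b-token", "generativelanguage.googleapis.com",
        "/v1beta/models/gemini-2.0-flash:generateContent?key=agent-supplied"));
}
```

Two design choices are worth noting. The scope check runs before routing, so an agent whose token does not cover a host gets `HostNotInScope` and never learns whether a rule exists for it. And for query-parameter injection the gateway strips any `key=` value the agent sent along, so an agent (or a prompt that hijacks it) cannot substitute its own key or smuggle a second copy of the parameter.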

## From the English Community

**1. 1Password Integration (Issue #113 — 15 comments)**
When contributor @yaniv-golan submitted a comprehensive PR adding 1Password vault provider support, maintainer @johnnyfish praised the design: *"The SSRF protection, encrypted token storage, credential caching, and the concurrent provider lookup with grace period are all really solid. The test coverage is thorough too."* Before building the UI, they discussed simplifying the setup model — comparing against Anchor Browser's approach of a single op:// reference per hostname, since the proxy primarily injects API keys as Authorization headers. The team agreed on the op://hostname/item shorthand for v1, deferring domain-based URL search to v2.

**2. GitHub OAuth vs GitHub Apps (Issue #192 — 13 comments)**
A user opened an issue explaining why GitHub OAuth Apps don't fit OneCLI's security model: *"GitHub OAuth apps' permission model is too wide — essentially allowing you to access all repositories that the user has access to. The GitHub Apps' installation is precisely the mechanism you need to narrow down the scope of the token to only selected repos."* Maintainer @guyb1 acknowledged the limitation and opened a PR to clarify the current OAuth App support in the UI, while the team discussed extending the AppDefinition shape to properly support GitHub Apps with their separate installation flow.

**3. Secret Injection in Query Parameters (Issue #194 — 6 comments)**
When @jeffmaury submitted a PR to extend secret injection beyond HTTP headers, contributor @fbricon pointed to a real-world example: *"You can find an example of API key passed as query parameter in the Google AI API docs — generativelanguage.googleapis.com/v1beta/models/gemini-2.0-flash:generateContent?key=$GEMINI_API_KEY."* This highlighted that a number of APIs (Google's generative language API among them) take API keys as URL query parameters, which OneCLI now supports through the gateway's flexible secret injection system. Query-string keys deserve extra care: URLs are routinely recorded in access logs, proxies and browser history, so having the gateway add the key on the last hop before the upstream service keeps it out of the agent's own request logs and tool traces.

## Summary

OneCLI fills a critical gap in the AI agent stack: **credential security**. As agents increasingly need access to dozens of APIs and services, hardcoding keys or stuffing them in prompts is a liability. OneCLI provides a clean, open-source gateway that centralizes secret management, enforces access control per agent, and integrates with the tools teams already use (Bitwarden, 1Password, Google OAuth). The Rust gateway keeps things fast and memory-safe, while the Next.js dashboard makes configuration accessible without a steep CLI learning curve. If you're building AI agents that call external services, OneCLI is worth evaluating as your credential infrastructure layer.

**@onecli/onecli** — [GitHub Repository](https://github.com/onecli/onecli) | ⭐ 2,148 | TypeScript + Rust