OneCLI: Open-Source Credential Vault for AI Agents

What OneCLI Solves
AI agents are frequently given raw API keys for accessing external services, creating security risks. OneCLI addresses this by acting as a credential vault that sits between agents and the services they call. Instead of baking API keys into every agent, you store credentials once in OneCLI's encrypted vault and give agents placeholder keys (like FAKE_KEY).
How It Works
When an agent makes an HTTP call through the OneCLI proxy, the gateway matches the request by host and path patterns, verifies the agent should have access, swaps the placeholder for the real credential, and forwards the request. The agent never touches the actual secret—it just uses CLI or MCP tools as normal.
Technical Architecture
- Rust Gateway: Fast HTTP gateway that intercepts outbound requests and injects credentials. Agents authenticate with access tokens via Proxy-Authorization headers.
- Web Dashboard: Next.js app for managing agents, secrets, and permissions (port 10254).
- Secret Store: AES-256-GCM encrypted credential storage. Secrets are decrypted only at request time.
- Embedded Database: Runs with embedded PGlite (PostgreSQL-compatible) or can use external PostgreSQL.
Quick Start
Run locally with Docker:
docker run --pull always -p 10254:10254 -p 10255:10255 -v onecli-data:/app/data ghcr.io/onecli/onecliThen open http://localhost:10254, create an agent, add your secrets, and point your agent's HTTP gateway to localhost:10255.
Key Features
- Transparent credential injection: agents make normal HTTP calls
- Encrypted secret storage with AES-256-GCM encryption at rest
- Host and path pattern matching for routing secrets to specific API endpoints
- Multi-agent support with scoped permissions per agent
- No external dependencies in single-container mode
- Two auth modes: single-user (no login) for local use, or Google OAuth for teams
- Apache-2.0 licensed
Compatibility
Works with any agent framework (OpenClaw, NanoClaw, IronClaw, or anything that can set an HTTPS_PROXY). The project is structured with the Rust proxy on port 10255 and Next.js dashboard on port 10254.
📖 Read the full source: HN AI Agents
👀 See Also

Five Essential Security Steps for OpenClaw Instances
A Reddit post warns that running OpenClaw with default settings creates significant security risks and outlines five immediate actions: change the default port, use Tailscale for private access, configure a firewall, create separate accounts for the agent, and scan skills before installation.

Claude Cage: Docker Sandbox for Claude Code Security
A developer created a Docker container called Claude Cage that isolates Claude Code to a single workspace folder, preventing access to SSH keys, AWS credentials, and personal files. The setup includes security rules and takes about 2 minutes with Docker installed.

Tool Authority Injection in LLM Agents: When Tool Output Overrides System Intent
A researcher demonstrates 'Tool Authority Injection' in a local LLM agent lab, showing how trusted tool output can be elevated to policy-level authority, silently changing agent behavior while sandbox and file access remain secure.

Open-source RAG attack and defense lab for local ChromaDB + LM Studio stacks
An open-source lab measures RAG knowledge base poisoning effectiveness on default local setups with ChromaDB and LM Studio, showing 95% success rate on undefended systems and evaluating practical defenses.