OneCLI: Open-Source Credential Vault for AI Agents

What OneCLI Solves
AI agents are frequently given raw API keys for accessing external services, creating security risks. OneCLI addresses this by acting as a credential vault that sits between agents and the services they call. Instead of baking API keys into every agent, you store credentials once in OneCLI's encrypted vault and give agents placeholder keys (like FAKE_KEY).
How It Works
When an agent makes an HTTP call through the OneCLI proxy, the gateway matches the request by host and path patterns, verifies the agent should have access, swaps the placeholder for the real credential, and forwards the request. The agent never touches the actual secret—it just uses CLI or MCP tools as normal.
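The match, access check and swap described above, as an added Rust sketch that is not OneCLI's own code: the `Rule` struct, `inject` function, agent name, host and secret value are all hypothetical, and path patterns are simplified to prefixes.

```rust
// Added illustration, not OneCLI source; every name and value is hypothetical.
struct Rule {
    agent: &'static str,       // agent allowed to use this secret
    host: &'static str,        // exact host the secret may be sent to
    path_prefix: &'static str, // path pattern, simplified to a prefix
    secret: &'static str,      // real credential (constructed sample value)
}

const PLACEHOLDER: &str = "FAKE_KEY";

/// Returns the header value with the real credential swapped in,
/// or None when no injection is allowed for this request.
fn inject(rules: &[Rule], agent: &str, host: &str, path: &str, auth: &str) -> Option<String> {
    // Only rewrite requests that actually carry the placeholder.
    if !auth.contains(PLACEHOLDER) {
        return None;
    }
    // Deny by default: agent, host and path must all match one rule.
    // Assumes `path` was already normalized (no "..", no encoded slashes).
    let rule = rules.iter().find(|r| {
        r.agent == agent
            && r.host.eq_ignore_ascii_case(host) // exact match, so look-alike hosts fail
            && path.starts_with(r.path_prefix)
    })?;
    Some(auth.replace(PLACEHOLDER, rule.secret))
}

fn sample_rules() -> Vec<Rule> {
    vec![Rule {
        agent: "build-bot",
        host: "api.example.com",
        path_prefix: "/v1/",
        secret: "sk-constructed-sample",
    }]
}

fn main() {
    let rules = sample_rules();
    for (agent, host, path) in [
        ("build-bot", "api.example.com", "/v1/jobs"),          // allowed
        ("build-bot", "api.example.com.evil.test", "/v1/jobs"), // look-alike host
        ("other-bot", "api.example.com", "/v1/jobs"),          // agent not scoped
    ] {
        let out = inject(&rules, agent, host, path, "Bearer FAKE_KEY");
        println!("{agent} -> {host}{path}: {out:?}");
    }
}
```

Only the first request gets the real credential; the look-alike host and the unscoped agent both fall through to the default deny.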
Technical Architecture
- Rust Gateway: Fast HTTP gateway that intercepts outbound requests and injects credentials. Agents authenticate with access tokens via Proxy-Authorization headers.
- Web Dashboard: Next.js app for managing agents, secrets, and permissions (port 10254).
- Secret Store: AES-256-GCM encrypted credential storage. Secrets are decrypted only at request time.
- Embedded Database: Runs with embedded PGlite (PostgreSQL-compatible) or can use external PostgreSQL.
Quick Start
Run locally with Docker:
docker run --pull always -p 10254:10254 -p 10255:10255 -v onecli-data:/app/data ghcr.io/onecli/onecli

Then open http://localhost:10254, create an agent, add your secrets, and point your agent's HTTP gateway to localhost:10255.
Key Features
- Transparent credential injection: agents make normal HTTP calls
- Encrypted secret storage with AES-256-GCM encryption at rest
- Host and path pattern matching for routing secrets to specific API endpoints
- Multi-agent support with scoped permissions per agent
- No external dependencies in single-container mode
- Two auth modes: single-user (no login) for local use, or Google OAuth for teams
- Apache-2.0 licensed
Compatibility
Works with any agent framework (OpenClaw, NanoClaw, IronClaw, or anything that can set an HTTPS_PROXY). The project is structured with the Rust proxy on port 10255 and Next.js dashboard on port 10254.
📖 Read the full source: HN AI Agents