Summary OneCLI is an open-source credential vault for AI agents, solving the security risk of embedding API keys. It provides a central gateway where credentials are stored once and injected transparently into agent requests, ensuring agents never handle raw secrets. This simplifies management and enhances security.

How It Works OneCLI acts as a secure intermediary. Developers store real API credentials in its encrypted vault. Agents use placeholder keys and route HTTP requests through the OneCLI gateway. The gateway intercepts requests, matches them to stored credentials via host/path patterns, decrypts secrets, and injects them into outbound headers. Agents interact solely with the gateway, never directly with sensitive keys.

Quick Start & Requirements The fastest local setup uses Docker: docker run --pull always -p 10254:10254 -p 10255:10255 -v onecli-data:/app/data ghcr.io/onecli/onecli Access the dashboard at http://localhost:10254 to configure agents and secrets, then point agent gateways to localhost:10255. Local development requires mise (for Node.js, pnpm) and Rust. Resources: Website · Docs · Discord

Highlighted Details

• Transparent Injection: Agents use normal HTTP calls; gateway manages authentication seamlessly.
• Encrypted Storage: AES-256-GCM encryption at rest, secrets decrypted only at request time.
• Granular Routing: Host/path patterns precisely match secrets to target API endpoints.
• Multi-Agent Support: Each agent gets a distinct token with scoped permissions.
• Performance: Rust gateway ensures high-speed, memory-safe request interception.
• Zero External Dependencies: Embedded PGlite default; optional PostgreSQL support.
• Flexible Auth: Single-user mode for local use; Google OAuth for teams.

Maintenance & Community A Discord server is available for community interaction. The README does not specify core contributors, sponsorships, or a public roadmap.

Licensing & Compatibility Licensed under the permissive Apache-2.0 license, compatible with commercial use and closed-source linking.

Limitations & Caveats The README does not explicitly detail any project limitations, alpha status, known bugs, or unsupported platforms.