OneCLI

Name: OneCLI
Availability: OnlineOnly
Author: OneCLI

Open-source credential vault and transparent proxy that lets AI agents call external services without ever seeing API keys.

Visit Website

At a Glance

Pricing

Open Source

Self-hosted open-source credential vault and proxy for AI agents.

Engagement

Available On

CLI

API

Web

SDK

OneCLINew York, NYEst. 2024

Listed Mar 2026

About OneCLI

OneCLI is an open-source secret vault and transparent MITM proxy designed for AI agents. It stores credentials once in an encrypted vault and injects them into outgoing HTTP requests at runtime, so agents can call external services without ever handling raw API keys. It runs as a single Docker container and requires zero code changes to integrate with any agent framework.

Encrypted Vault: Credentials are stored with AES-256-GCM encryption and never written to disk in plain text; get started by running docker run ghcr.io/onecli/onecli.
Transparent Proxy: Set HTTPS_PROXY to point your agent's HTTP traffic through OneCLI; credentials are injected automatically without modifying agent code.
Web Dashboard: Manage agents, secrets, and permissions from a local web UI at localhost:10254.
Full Audit Trail: Every API call is logged with agent identity and timestamp, enabling real-time approval or denial of actions.
Human-in-the-Loop Policies: Define per-action policies so a human can approve or deny agent actions before they execute.
One-Command Setup: The entire proxy, vault, and dashboard stack runs from a single docker run command.
Framework Agnostic: Works with any agent framework including OpenClaw, NanoClaw, IronClaw, Dify, n8n, OpenHands, and more.
Revocation: Revoke credentials once from the vault and access is removed everywhere instantly.
Language SDKs: Programmatic integration available via language SDKs for developers who need deeper control.

Community Discussions

Be the first to start a conversation about OneCLI

Share your experience with OneCLI, ask questions, or help others learn from your insights.

Pricing

OPEN SOURCE

Open Source

Self-hosted open-source credential vault and proxy for AI agents.

Encrypted credential vault (AES-256-GCM)
Transparent MITM proxy
Web dashboard
Full audit trail
Human-in-the-loop policies

Capabilities

Key Features

Encrypted credential vault (AES-256-GCM)
Transparent MITM proxy for credential injection
Zero code changes required
Web dashboard for managing agents and secrets
Full audit trail of all API calls
Human-in-the-loop approval policies
Single Docker container deployment
Per-action permission policies
Real-time approve/deny controls
Language SDKs for programmatic integration

Integrations

OpenClaw

NanoClaw

IronClaw

Dify

n8n

OpenHands

Google

GitHub

Slack

Gmail

API Available

View Docs

Back to all tools

OneCLI

Access Control

Open-source credential vault and transparent proxy that lets AI agents call external services without ever seeing API keys.

Visit Website

At a Glance

Pricing

Open Source

Self-hosted open-source credential vault and proxy for AI agents.

Engagement

24views

Discussions

Available On

CLI

API

Web

SDK

Resources

Website Docs GitHub llms.txt

Topics

Access Control Autonomous Systems Agent Frameworks

Alternatives

OpenBox AI Permit.io 1Password Agentic AI Passport

Developer

OneCLINew York, NYEst. 2024

Listed Mar 2026

About OneCLI

Encrypted Vault: Credentials are stored with AES-256-GCM encryption and never written to disk in plain text; get started by running docker run ghcr.io/onecli/onecli.
Transparent Proxy: Set HTTPS_PROXY to point your agent's HTTP traffic through OneCLI; credentials are injected automatically without modifying agent code.
Web Dashboard: Manage agents, secrets, and permissions from a local web UI at localhost:10254.
Full Audit Trail: Every API call is logged with agent identity and timestamp, enabling real-time approval or denial of actions.
Human-in-the-Loop Policies: Define per-action policies so a human can approve or deny agent actions before they execute.
One-Command Setup: The entire proxy, vault, and dashboard stack runs from a single docker run command.
Framework Agnostic: Works with any agent framework including OpenClaw, NanoClaw, IronClaw, Dify, n8n, OpenHands, and more.
Revocation: Revoke credentials once from the vault and access is removed everywhere instantly.
Language SDKs: Programmatic integration available via language SDKs for developers who need deeper control.

Community Discussions

Be the first to start a conversation about OneCLI

Share your experience with OneCLI, ask questions, or help others learn from your insights.

Pricing

OPEN SOURCE

Open Source

Self-hosted open-source credential vault and proxy for AI agents.

Encrypted credential vault (AES-256-GCM)
Transparent MITM proxy
Web dashboard
Full audit trail
Human-in-the-loop policies

Capabilities

Key Features

Encrypted credential vault (AES-256-GCM)
Transparent MITM proxy for credential injection
Zero code changes required
Web dashboard for managing agents and secrets
Full audit trail of all API calls
Human-in-the-loop approval policies
Single Docker container deployment
Per-action permission policies
Real-time approve/deny controls
Language SDKs for programmatic integration

Integrations

OpenClaw

NanoClaw

IronClaw

Dify

n8n

OpenHands

Google

GitHub

Slack

Gmail

API Available

View Docs

Back to all tools