OneCLI: Open-Source Credential Vault for AI Agents

Source: https://github.com/onecli/onecli Author: onecli Date: 2026-03-13

Summary

OneCLI is an open-source credential vault that injects API keys into AI agent calls rather than exposing them directly. Solves the problem of giving agents access to external services without embedding credentials in prompts or system messages.

Key Claims

  • Problem: AI agents need API keys to call external services, but keys in prompts/code are security risks.
  • Solution: OneCLI stores keys once; agents request access through the vault, which injects credentials at call time.
  • The vault also audits: every agent credential use is logged — provides accountability for what the agent accessed.
  • Open source: self-hosted, no credentials sent to third-party services.
  • Relevant for: any agentic system that needs to call third-party APIs (email, calendar, GitHub, etc.).

Concepts