OneCLI Turns API Keys Into Phantom Tokens That AI Agents Never Touch
AI agents are walking around with your API keys in their pockets, and it's exactly as terrifying as it sounds.
Meet OneCLI—a Rust-powered solution that finally tackles the elephant in the room. Instead of hoping your GPT-4 agent won't leak your Stripe API key in a hallucination, OneCLI gives agents phantom tokens while keeping the real credentials locked in an encrypted vault.
The architecture is beautifully simple: agents get placeholder keys and make normal HTTP calls through OneCLI's proxy. When a request hits the proxy, OneCLI matches it by host/path, verifies permissions, swaps the fake credential for the real one, and forwards the request. The agent never touches the actual secret.
<> "AI agents are being given raw API keys. And it's going about as well as you'd expect."/>
That's how the OneCLI team frames the problem, and honestly? They're not wrong. I've seen too many demos where developers casually paste production API keys into agent contexts like it's no big deal.
The Real Story
What others miss is that OneCLI isn't just another secret manager—it's rethinking the entire credential handoff between humans and AI. The three-layer approach is genuinely clever:
1. Encrypted vault using AES-256-GCM encryption (secrets never leave disk unencrypted)
2. Proxy layer that transparently handles credential swapping
3. Policy engine that matches agent identity, allowed paths, and access levels
The technical implementation shows serious thought went into this. Single Docker container. Embedded Postgres with PGlite. No external dependencies. It works with any agent framework that supports HTTPS_PROXY environment variables—including OpenClaw, NanoClaw, and IronClaw.
This is infrastructure-grade thinking applied to the Wild West of AI agents.
Why This Matters More Than You Think
The timing is perfect. Posted as a "Show HN" on March 12, 2026, OneCLI arrives just as multi-agent systems are hitting production at scale. The Apache-2.0 license signals they're building for adoption, not vendor lock-in.
But here's what gets me excited: the proxy pattern. Instead of forcing every agent framework to implement their own credential management, OneCLI operates at the HTTP layer. Genius.
Compare this to agent-vault, which uses zero-trust principles with local age encryption and Git-based syncing. Different approach, same recognition that credential management for AI agents is becoming critical infrastructure.
The Technical Beauty
Rust was the right choice here. Memory safety matters when you're handling secrets. The Next.js dashboard keeps things familiar for developers. The embedded database means no complex deployments.
But the real magic is the transparency. Agents don't know they're using a proxy. They make normal API calls. OneCLI handles the security theater behind the scenes.
The creators are explicitly asking for community feedback on their approach, which tells me they understand this is just the beginning. They mention future plans for access policies, audit logging, and human approval workflows.
Smart. Build the foundation first, add the bells and whistles later.
My Take
OneCLI solves a problem that's only going to get worse. As agents get more powerful and gain access to more APIs, the credential management nightmare grows exponentially.
The proxy approach is elegant because it's agent-agnostic. You don't need to rewrite your agent architecture. You don't need to hope framework maintainers implement proper secret management. You just point your agents at OneCLI and sleep better at night.
Is it perfect? No. Network considerations matter. Proxy patterns add complexity. But compared to the current state of "paste your API keys everywhere and pray"?
This is a massive step forward.
The fact that it's getting traction on Hacker News and coverage across developer platforms suggests I'm not alone in thinking this addresses a real pain point. Sometimes the best solutions are the obvious ones that nobody bothered to build properly.
OneCLI did.
