Backed byY Combinator

Give your agents access,
not your secrets.

Agents talk to OneCLI. OneCLI talks to the service.
Keys never leave the vault.

Get Started
onecli gateway

$ docker run ghcr.io/onecli/onecli

gateway ready · vault unlocked

claude-agentGETgithub.com/repos/acme/app✓ key injected

n8n-flowPOSTstripe.com/v1/refunds… held for approval

cursorDELETEgithub.com/repos/acme/app✗ blocked by policy

0 keys exposed to agents

Ecosystem

Works with your whole stack

Coding agents, desktop apps, and autonomous workflows on one side. GitHub, Stripe, Postgres, Slack, and 30+ services on the other. OneCLI sits in the middle and injects scoped credentials per request.

Policy engine

Rules agents can't break

Prompts are suggestions. OneCLI policies are enforced at the network layer, outside the agent, outside the LLM. No matter what the model decides, the proxy enforces your rules deterministically.

Block endpoints

Prevent agents from calling specific APIs (DELETE /repos, POST /payments, or any path you define). Enforced at the proxy, not a suggestion.

Rate limit per agent

Cap how many requests an agent can make per minute, hour, or day. Stop runaway loops before they cause damage.

Require approval

Flag sensitive operations for human review before they go through. Agents wait, you decide.

Scope per project

Each agent only accesses the credentials and services assigned to its project. No cross-project leakage.

Get StartedRead the Docs

Compatibility

Drop-in security for any agent

One command. Zero code changes. Your agents stay secure.

$ docker run ghcr.io/onecli/onecli
OpenClawNanoClawIronClawDifyn8nOpenHands+ any framework
API keys scattered everywhere.One encrypted vault.
Agent sees raw keys.Agent never sees a key.
Revoking access means hunting down keys.Revoke once, everywhere.
What teams build with OneCLI

Coding Agents

Your Cursor or Claude agent pushes to GitHub, creates Jira tickets, and deploys to Vercel, all through OneCLI's gateway. Credentials injected, never exposed.

GitHubJiraVercelLinear

Autonomous Workflows

n8n, Dify, or custom pipelines call Slack, Google Calendar, and Stripe APIs. OneCLI injects OAuth tokens per-request. Revoke access instantly.

SlackGoogle CalendarStripeGmail

Team Governance

10 agents across 3 projects. Rate limits on the Slack API, approval rules for payment endpoints, full audit logs. One dashboard.

Multi-agentRate limitsApprovalsAudit logs

Security & Compliance

Show exactly which agent called which API, when, and what credentials were used. No keys in logs, no keys in prompts.

SOC 2Audit trailRevocationZero-trust

FAQ

Common questions

What is OneCLI?

OneCLI is an open-source credential gateway for AI agents: a secure gateway, an encrypted vault, and a dashboard in one Docker container. Agents make API calls through OneCLI, and credentials are injected at the network layer, so keys never leave the vault.

How does OneCLI keep API keys away from agents?

Credentials live in an encrypted vault (local KMS or OneCLI Cloud) and are injected per-request at the proxy boundary. The agent and the LLM never see a key: not in environment variables, not in prompts, not in logs.

Does it work with my agent framework?

Yes. OneCLI is framework-agnostic: OpenClaw, NanoClaw, IronClaw, Dify, n8n, OpenHands, or any custom pipeline that makes HTTP calls. There are no code changes. Agents route through the gateway with one command.

What can I enforce?

Block specific endpoints, rate-limit per agent, require human approval for sensitive operations, and scope credentials per project. Policies are enforced at the network layer, outside the agent and outside the LLM. They are rules, not suggestions.

Is OneCLI open source?

Yes. OneCLI is Apache 2.0 licensed and developed in the open on GitHub. Self-host it for free with Docker, or use OneCLI Cloud if you want a managed vault and dashboard.

How long does setup take?

One command: docker run ghcr.io/onecli/onecli starts the gateway, vault, and dashboard. The free tier covers 2 agents forever, with no credit card required.

Get started

Start securing your agents today

Free forever for up to 2 agents. No credit card required.