Skip to main content
OneCLI gives your AI agents secure access to external services. Store credentials once, inject them at request time, and control what your agents can do. Your agents never see the keys. Sign up at app.onecli.sh, connect your services, and point your agent through OneCLI. No code changes needed. OneCLI Dashboard

Get your API key

When you create an account, OneCLI generates a project and API key for you automatically. Use it with the CLI, SDKs, or API. 
export ONECLI_API_KEY=oc_your_api_key

Connect your first agent

The fastest way to get started is with the OneCLI CLI. Install it and run your coding agent through it: 
curl -fsSL onecli.sh/cli/install | sh
onecli auth login --api-key $ONECLI_API_KEY
onecli run -- claude
That’s it. Your agent’s HTTP calls now route through OneCLI, which injects credentials and enforces rules automatically. For Docker-based agents, use the Node.js SDK: 
import { OneCLI } from "@onecli-sh/sdk";

const onecli = new OneCLI({ apiKey: "oc_your_api_key" });

const args = ["run", "-i", "--rm", "--name", "my-agent"];
await onecli.applyContainerConfig(args);
// args now has HTTPS_PROXY, CA certs, and volume mounts

How it works

OneCLI runs a transparent gateway that intercepts outgoing HTTP requests, checks them against your rules, injects credentials from an encrypted vault, and forwards them to the right service.
  • Credentials are AES-256-GCM encrypted at rest and decrypted only at request time. Your agents never hold raw API keys.
  • Rules let you block operations, rate-limit sensitive actions, and scope access per agent.
  • The dashboard is where you manage agents, secrets, rules, and audit logs.

Explore

Quickstart

Full setup guide with step-by-step instructions.

How it works

Architecture: gateway, vault, rules, and how the pieces fit together.

Integrations

Connect Google, GitHub, Slack, AWS, and 30+ other services.

SDKs

Node.js, Python, Go, Rust, and more.

Rules

Block operations, rate-limit actions, and require manual approval.

Self-hosting

Run OneCLI on your own infrastructure with Docker.