> ## Documentation Index
> Fetch the complete documentation index at: https://onecli.sh/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Credential & Policy Layer for AI Agents

> Give your AI agents secure access to external services. Store credentials once, inject them at request time, and control what your agents can do. Your agents never see the keys.

[OneCLI](https://onecli.sh) gives your AI agents secure access to external services. Store credentials once, inject them at request time, and control what your agents can do. Your agents never see the keys.

Sign up at [app.onecli.sh](https://app.onecli.sh), connect your services, and point your agent through OneCLI. No code changes needed.

<img src="https://mintcdn.com/chartdbinc/QhqVDDnxqQYGjiMi/images/dashboard-overview.png?fit=max&auto=format&n=QhqVDDnxqQYGjiMi&q=85&s=3e4f5615c818738032111894543a858a" alt="OneCLI Dashboard" className="block dark:hidden" width="3248" height="1966" data-path="images/dashboard-overview.png" />

<img src="https://mintcdn.com/chartdbinc/QhqVDDnxqQYGjiMi/images/dashboard-overview-dark.png?fit=max&auto=format&n=QhqVDDnxqQYGjiMi&q=85&s=e504644f9a87fc61748e9000caeeb29d" alt="OneCLI Dashboard" className="hidden dark:block" width="3248" height="1966" data-path="images/dashboard-overview-dark.png" />

## Get your API key

When you create an account, OneCLI generates a project and API key for you automatically. Use it with the CLI, SDKs, or API.

```bash theme={null}
export ONECLI_API_KEY=oc_your_api_key
```

## Connect your first agent

The fastest way to get started is with the OneCLI CLI. Install it and run your coding agent through it:

```bash theme={null}
curl -fsSL onecli.sh/cli/install | sh
onecli auth login --api-key $ONECLI_API_KEY
onecli run -- claude
```

That's it. Your agent's HTTP calls now route through OneCLI, which injects credentials and enforces [rules](/guides/rules) automatically.

For Docker-based agents, use the [Node.js SDK](/sdks/node):

```typescript theme={null}
import { OneCLI } from "@onecli-sh/sdk";

const onecli = new OneCLI({ apiKey: "oc_your_api_key" });

const args = ["run", "-i", "--rm", "--name", "my-agent"];
await onecli.applyContainerConfig(args);
// args now has HTTPS_PROXY, CA certs, and volume mounts
```

## How it works

OneCLI runs a transparent gateway that intercepts outgoing HTTP requests, checks them against your [rules](/guides/rules), injects credentials from an encrypted vault, and forwards them to the right service.

* Credentials are AES-256-GCM encrypted at rest and decrypted only at request time. Your agents never hold raw API keys.
* Rules let you block operations, rate-limit sensitive actions, and scope access per agent.
* The [dashboard](https://app.onecli.sh) is where you manage agents, secrets, rules, and audit logs.

## Explore

<CardGroup cols={2}>
  <Card title="Quickstart" icon="rocket" href="/quickstart">
    Full setup guide with step-by-step instructions.
  </Card>

  <Card title="How it works" icon="gears" href="/how-it-works">
    Architecture: gateway, vault, rules, and how the pieces fit together.
  </Card>

  <Card title="Integrations" icon="plug" href="/integrations">
    Connect Google, GitHub, Slack, AWS, and 30+ other services.
  </Card>

  <Card title="SDKs" icon="code" href="/sdks">
    Node.js, Python, Go, Rust, and more.
  </Card>

  <Card title="Rules" icon="shield" href="/guides/rules">
    Block operations, rate-limit actions, and require manual approval.
  </Card>

  <Card title="Self-hosting" icon="server" href="/how-it-works">
    Run OneCLI on your own infrastructure with Docker.
  </Card>
</CardGroup>