oc

Give your agents access,
not your secrets.

Open-source credential vault. Your agents call services and never see a key.

Get Started
API keys scattered everywhere.One encrypted vault.
Agent sees raw keys.Agent never sees a key.
Revoking access means hunting down keys.Revoke once, everywhere.
Agent has unrestricted access.Block endpoints or rate-limit per agent.

Drop-in security for any agent

One command. Zero code changes. Your agents stay secure.

OpenClawNanoClawIronClawDifyn8nOpenHands+ any framework
OneCLI architecture showing agents connecting through the OneCLI proxy to external services
Without OneCLI+ OneCLI
Secret handlingLLM sees raw API keysEncrypted vault,
agent never sees keys
SetupHardcode keys or env varsdocker run ghcr.io/onecli/onecli

It happened to her.

It won't happen to you.

N
NIK
@ns123abc

META's head of AI safety and alignment gets her emails nuked by OpenClaw

>be director of AI Safety and Alignment at Meta

>install OpenClaw

>give it unrestricted access to personal emails

>it starts nuking emails

>"Do not do that"

>*keeps going*

>"Stop don't do anything"

>*gets all remaining old stuff and nukes it aswell*

>"STOP OPENCLAW"

>"I asked you to not do that"

>"do you remember that?"

>"Yes I remember. And I violated it."

>"You're right to be upset"

Summer YueOpenClaw chat log showing the agent deleting emails while ignoring stop commandsSummer Yue X profile showing her role at Meta
2.8M views29K likes3.3K retweets

With OneCLI, agents call APIs through a gateway that injects credentials at the network layer. They never see a key, and you control exactly what they can access.

What teams build with OneCLI

Coding Agents

Your Cursor or Claude agent pushes to GitHub, creates Jira tickets, and deploys to Vercel — all through OneCLI's gateway. Credentials injected, never exposed.

GitHubJiraVercelLinear

Autonomous Workflows

n8n, Dify, or custom pipelines call Slack, Google Calendar, and Stripe APIs. OneCLI injects OAuth tokens per-request. Revoke access instantly.

SlackGoogle CalendarStripeGmail

Team Governance

10 agents across 3 projects. Rate limits on the Slack API, approval rules for payment endpoints, full audit logs. One dashboard.

Multi-agentRate limitsApprovalsAudit logs

Security & Compliance

Show exactly which agent called which API, when, and what credentials were used. No keys in logs, no keys in prompts.

SOC 2Audit trailRevocationZero-trust

How it works

1. Start OneCLI

$docker run -d -p 10254:10254 -p 10255:10255 -v onecli-data:/app/data ghcr.io/onecli/onecli
{
  "status": "running",
  "dashboard": "localhost:10254",
  "gateway": "localhost:10255"
}

2. Add credentials

$open http://localhost:10254
{
  "credentials": ["google", "github", "slack"]
}

3. Your agent just works

$curl -x http://localhost:10255 https://gmail.googleapis.com/gmail/v1/users/me/messages
{
  "messages": [
    { "from": "alice@acme.co", "subject": "Re: Q3 roadmap" },
    { "from": "github@noreply.com", "subject": "PR #42 merged" },
    { "from": "linear@linear.app", "subject": "ONC-118 assigned to you" }
  ]
}

What you get

Zero code changes

Set HTTPS_PROXY and your agent's existing HTTP calls get credentials injected. No SDK, no wrapper.

Encrypted vault

Credentials stored in local KMS or OneCLI Cloud. Never written to disk in plain text.

Full audit trail

See every API call, which agent made it, and when.

One Docker container

Proxy, vault, and dashboard all run from a single docker run command.