DEV.co
MCP Servers · onecli

onecli

OneCLI is an open-source credential gateway that lets AI agents access APIs without ever seeing real credentials. You store secrets once in OneCLI's encrypted vault, and the gateway transparently swaps fake placeholder keys for real ones on outbound requests—agents just make normal HTTP calls.

Source: GitHub — github.com/onecli/onecli
2.5k
GitHub stars
133
Forks
TypeScript
Primary language
Apache-2.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryonecli/onecli
Owneronecli
Primary languageTypeScript
LicenseApache-2.0 — OSI-approved
Stars2.5k
Forks133
Open issues76
Latest releasev1.41.0 (2026-07-07)
Last updated2026-07-07
Sourcehttps://github.com/onecli/onecli

What onecli is

TypeScript/Node.js dashboard (Next.js) paired with a Rust HTTP gateway that intercepts outbound requests and performs credential injection via pattern matching (host/path), with AES-256-GCM encryption at rest and token-based access control. Supports Google OAuth, PostgreSQL persistence, and optional Bitwarden vault integration.

Quickstart

Get the onecli source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/onecli/onecli.gitcd onecli# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Multi-agent AI deployments needing centralized credential management

Deploy dozens of AI agents that each call different APIs without distributing raw keys. Rotate credentials once in OneCLI; all agents pick up the change immediately.

Regulated environments requiring auditability and least-privilege access

Log all credential access, scope tokens per agent, and enforce host/path matching rules. Single point of control for compliance and security incident response.

Development-to-production secret rotation and zero-knowledge architecture

Keep production credentials off developer machines and agent containers. Use OneCLI as the sole gateway; decrypt only at request time and never persist plaintext in logs.

Implementation considerations

  • PostgreSQL dependency required for persistence; local mode (single-user, no login) available for dev but production needs database setup and backups.
  • Rust gateway requires compilation and deployment separate from the Node.js dashboard; Docker Compose provided but multi-node/HA scenarios require custom orchestration.
  • Agents must use HTTP(S) and be configured to route through the gateway; non-proxied direct API calls bypass credential injection entirely.
  • AES-256-GCM encryption key management critical; auto-generation in dev acceptable but production requires secure key rotation and storage strategy.
  • Pattern matching (host/path) for credential selection must be configured carefully to avoid collisions or overly broad injection rules.

When to avoid it — and what to weigh

  • Extremely low-latency requirements (<10ms gateway overhead critical) — Rust gateway is fast, but network round-trips and pattern matching add latency. Validate performance in your environment before committing to production.
  • Existing mature vault ecosystem (HashiCorp Vault, AWS Secrets Manager) already deployed — OneCLI overlaps significantly in functionality. Migration/dual-management may add complexity unless you need AI-agent-specific UX and transparent proxy injection.
  • Non-HTTP or exotic transport protocols (gRPC, WebSocket) — OneCLI intercepts HTTP(S) at the gateway level. Agents using other protocols cannot benefit from transparent credential injection.
  • Offline-first or air-gapped agent deployments — Requires network access to OneCLI gateway for every credential lookup and injection. Not suitable for environments without reliable connectivity.

License & commercial use

Apache License 2.0 (Apache-2.0). Permissive OSI-approved license allowing commercial use, modification, and distribution with attribution and liability disclaimer.

Apache-2.0 is permissive and allows commercial use. However, this is the project license, not a guarantee of vendor support, SLA, or commercial licensing. Evaluate vendor support options and any downstream dependencies (PostgreSQL, Docker, Google OAuth) for your own commercial terms.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitStrong
Assessment confidenceHigh
Security considerations

AES-256-GCM encryption at rest and decryption only at request time are sound practices. Pattern matching (host/path) for credential routing reduces blast radius vs. global injection. No details on key rotation, audit logging volume/retention, or TLS/MITM handling between agents and gateway. Secret Encryption Key auto-generation in dev is acceptable; production requires secure key derivation and rotation strategy. Access token model depends on secure token generation and revocation. No third-party security audit or CVE disclosures mentioned.

Alternatives to consider

HashiCorp Vault

Enterprise-grade secret management with broader protocol support, RBAC, audit logging, and HA. Steeper learning curve and operational overhead; no transparent HTTP proxy injection for agents out-of-the-box.

AWS Secrets Manager / AWS Systems Manager Parameter Store

Cloud-native secret storage with IAM integration, audit trails, and rotation. AWS-only; agents must use AWS SDKs and explicit API calls; no transparent gateway interception.

Bitwarden Secrets Manager

Lightweight, user-friendly credential storage. OneCLI integrates with Bitwarden for on-demand fetch. Lacks transparent proxy injection and agent-specific access control.

Software development agency

Build on onecli with DEV.co software developers

OneCLI eliminates the need to distribute raw API keys to each agent. Deploy the gateway, store credentials once, and let agents access services safely. Start with local mode or reach out to discuss production setup.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

onecli FAQ

Can I run OneCLI in production without external databases?
No. Local mode (no login) is single-user dev only. Production requires PostgreSQL for persistence, configuration via environment variables, and secure key/encryption setup.
Does OneCLI work with agents that don't support HTTP proxies?
No. Transparent credential injection relies on HTTP(S) gateway interception. Agents using other protocols (gRPC, WebSocket, direct SDK calls bypassing HTTP) cannot use OneCLI.
How does OneCLI handle credential rotation?
You update the credential in OneCLI's dashboard; the gateway immediately uses the new value for all subsequent requests. No agent restart required. Bitwarden vault integration can also sync credentials on-demand.
Is OneCLI suitable for air-gapped or offline-first deployments?
No. Every credential lookup and injection requires network access to the OneCLI gateway. Offline agents cannot authenticate or inject credentials.

Work with a software development agency

From first prototype to production, DEV.co delivers software development services around tools like onecli. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across mcp servers and beyond.

Secure your AI agent deployments with centralized credential management.

OneCLI eliminates the need to distribute raw API keys to each agent. Deploy the gateway, store credentials once, and let agents access services safely. Start with local mode or reach out to discuss production setup.