Show HN: OneCLI – Vault for AI Agents in Rust

We built OneCLI because AI agents are being given raw API keys. And it's going about as well as you'd expect. We figured the answer isn't "don't give agents access," it's "give them access without giving them secrets." OneCLI is an open-source gateway that sits between your AI agents and the services they call. You store your real credentials once in OneCLI's encrypted vault, and give your agents placeholder keys. When an agent makes an HTTP call through the proxy, OneCLI matches the request by host/path, verifies the agent should have access, swaps the placeholder for the real credential, and forwards the request. The agent never touches the actual secret. It just uses CLI or MCP tools as normal. Try it in one line: docker run --pull always -p 10254:10254 -p 10255:10255 -v onecli-data:/app/data ghcr.io/onecli/onecli The proxy is written in Rust, the dashboard is Next.js, and secrets are AES-256-GCM encrypted at rest. Everything runs in a single Docker container with an embedded Postgr

Show HN: OneCLI – Vault for AI Agents in Rust

Related Articles

What You Need to Know About Building an Outdoor Sauna (2026)

The Boring Skills That Make Developers Unstoppable in 2026

I Installed This VS Code Extension… and My Code Got Instantly Better

The Age of Personalized Software

Automating Checkout Add-On Recommendations in WordPress for WooCommerce

Related Articles

How-To
What You Need to Know About Building an Outdoor Sauna (2026)
Wired • 15h ago

How-To
The Boring Skills That Make Developers Unstoppable in 2026
Medium Programming • 20h ago

How-To
I Installed This VS Code Extension… and My Code Got Instantly Better
Medium Programming • 21h ago

How-To
The Age of Personalized Software
Medium Programming • 23h ago

How-To
Automating Checkout Add-On Recommendations in WordPress for WooCommerce
Dev.to • 23h ago