Claude Skill

onecli/onecli

OneCLI is an open-source credential vault that securely manages secrets for AI agents and CLI tools, preventing key exposure while enabling secure access to external services and APIs.

Overview

Stars2,437
Forks130
LanguageTypeScript
Last pushed2026-07-02
Last synced2026-07-03
View on GitHub

Repository

Owneronecli
Repositoryonecli
Full nameonecli/onecli
Repo ID1,175,900,220

Install this Skill

git clone https://github.com/onecli/onecli.git

Registry

Typemcp_server
Quality score80/100
Verificationreadme_parsed
Last verified2026-05-31
Platforms
MCPOpenClaw
Capabilities
memoryimageterminalai-agentsclimcpnanoclawnodejsopenclawpostgres
Detected files
README.mddocspackage.json
Config keys
FAKE_KEYREAL_KEYURLDATABASE_URLNEXTAUTH_SECRETGOOGLE_CLIENT_IDGOOGLE_CLIENT_SECRETSECRET_ENCRYPTION_KEYPACKAGE_JSON

Summary

OneCLI is an open-source credential vault designed to securely manage secrets for AI agents and CLI tools, enabling access to external services without exposing API keys or sensitive credentials in code or logs.

Chinese description

开源凭证保险库,让您的AI助手安全访问服务,无需暴露密钥。

Key features

  • Open-source credential vault for AI agents
  • Securely manages API keys and secrets
  • Prevents credential exposure in code/logs
  • Integrates with MCP (Model Context Protocol)
  • Built with TypeScript and Rust
  • Supports PostgreSQL for data storage

Use cases

  • Securing credentials for AI agent workflows
  • Managing secrets in CLI tool development
  • Providing secure service access for automation scripts
  • Integrating with MCP-based AI applications
  • Building secure backend services with secret management
  • Developing security tools for developer environments

README excerpt

<picture> <source media="(prefers-color-scheme: dark)" srcset="assets/onecli-logo-dark.gif"> <source media="(prefers-color-scheme: light)" srcset="assets/onecli-logo-light.gif"> <img alt="OneCLI" src="assets/onecli-logo-light.gif" width="100%"> </picture> <p align="center"> <b>The secret vault for AI agents.</b><br/> Store once. Inject anywhere. Agents never see the keys. </p> <p align="center"> <a href="https://onecli.sh">Website</a> &middot; <a href="https://onecli.sh/docs">Docs</a> &middot; <a href="https://discord.gg/PSztzsQB3g">Discord</a> </p> --- <picture> <source media="(prefers-color-scheme: dark)" srcset="assets/onecli-flow-dark.gif"> <source media="(prefers-color-scheme: light)" srcset="assets/onecli-flow-light.gif"> <img alt="How OneCLI works" src="assets/onecli-flow-light.gif" width="100%"> </picture> ## What is OneCLI? OneCLI is an open-source gateway that sits between your AI agents and the services they call. Instead of baking API keys into every agent, you store credentials once in OneCLI and the gateway injects them transparently. Agents never see the secrets. **Why we built it:** AI agents need to call dozens of APIs, but giving each agent raw credentials is a security risk. OneCLI solves this with a single gateway that handles auth, so you get one place to manage access, rotate keys, and see what every agent is doing. **How it works:** You store your real API credentials in OneCLI and give your agents placeholder keys (e.g. `FAKE_KEY`). When an agent makes an HTTP call through the gateway, the OneCLI gateway matches the request to the right credentials, swaps the `FAKE_KEY` for the `REAL_KEY`, decrypts them, and injects them into the outbound request. The agent never touches the real secrets. It just makes normal HTTP ca

Topics

Explore more

Data from GitHub. Synced on 2026-07-03