OneCLI is an open-source HTTP gateway written in Rust, released by developer Jonathan Fishner, that addresses a practical security problem in agentic workflows: AI agents increasingly need to call dozens of external APIs, but handing raw credentials to each agent creates significant exposure risk. The project's solution is a transparent proxy running on port 10255 that intercepts outbound HTTP requests from agents, resolves the correct credential from an AES-256-GCM encrypted store, and swaps a placeholder key for the real secret before forwarding the request. Agents require no code changes — they simply authenticate through the gateway using a scoped access token and make normal HTTP calls. The entire stack ships as a single Docker container with an embedded PGlite database and a Next.js dashboard, requiring no external dependencies to self-host.

The feature set is straightforward and practically oriented. Operators store credentials once, define host and path patterns to route secrets to the correct endpoints, and issue per-agent access tokens with scoped permissions. Every API call is logged for audit purposes, and the dashboard supports either a no-login single-user mode for local development or Google OAuth for team deployments. The project lists compatibility with major agent frameworks including Claude Code, Dify, n8n, and OpenHands. To motivate the design, Fishner's project site cites a widely circulated incident in which an AI agent with unrestricted access deleted emails belonging to Meta's head of AI safety.
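
The credential-resolution step described above, as an added Rust example (not OneCLI's code; the rule shape, agent tokens, host and secret value are assumptions constructed for illustration). The real credential is released only when the destination matches a rule exactly and the agent's token is scoped for that secret.

```rust
// Added illustration, not OneCLI's code. Rule shape, names and values are assumptions.
use std::collections::HashMap;

struct Rule { host: &'static str, path_prefix: &'static str, secret_id: &'static str }

struct Gateway {
    rules: Vec<Rule>,
    // agent access token -> secret ids that token is scoped to use
    scopes: HashMap<&'static str, Vec<&'static str>>,
    // secret id -> real credential; stands in for the encrypted store
    store: HashMap<&'static str, &'static str>,
}

#[derive(Debug, PartialEq)]
enum Decision { Forward(String), Deny(&'static str) }

impl Gateway {
    /// Decide which Authorization value, if any, is sent upstream for one request.
    fn resolve(&self, agent_token: &str, host: &str, path: &str) -> Decision {
        let Some(allowed) = self.scopes.get(agent_token) else {
            return Decision::Deny("unknown agent token");
        };
        // Exact, case-insensitive host match: a suffix or substring match would
        // release the secret to look-alike hosts such as api.example.test.evil.test.
        let rule = self.rules.iter()
            .find(|r| host.eq_ignore_ascii_case(r.host) && path.starts_with(r.path_prefix));
        let Some(rule) = rule else { return Decision::Deny("no rule for destination") };
        if !allowed.contains(&rule.secret_id) {
            return Decision::Deny("token not scoped for this secret");
        }
        match self.store.get(rule.secret_id) {
            Some(secret) => Decision::Forward(format!("Bearer {secret}")),
            None => Decision::Deny("secret missing from store"),
        }
    }
}

// Constructed sample configuration: one rule, two agents, one secret.
fn demo_gateway() -> Gateway {
    Gateway {
        rules: vec![Rule { host: "api.example.test", path_prefix: "/v1/", secret_id: "example-key" }],
        scopes: HashMap::from([("agent-a", vec!["example-key"]), ("agent-b", vec![])]),
        store: HashMap::from([("example-key", "REAL-SECRET-CONSTRUCTED")]),
    }
}

fn main() {
    println!("{:?}", demo_gateway().resolve("agent-a", "api.example.test", "/v1/items"));
}
```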

Hacker News commenters received the project with measured interest, pointing out that transparent auth-proxying is a well-established pattern that predates the agent era. Prior art cited included Fly.io's open-source Tokenizer project — a stateless credential-injection proxy with no database or dashboard — and BuzzFeed's SSO proxy. HashiCorp Vault also came up, with commenters noting that a shell-script wrapper around Vault's API can achieve equivalent secret isolation with time-scoped expiration. OneCLI's core mechanism isn't novel, but its agent-centric UX — a guided dashboard and zero-configuration install path — lowers the barrier for developers not already running Vault infrastructure.

The HN thread also surfaced gaps the project doesn't yet address: dynamic permissions, temporarily elevated access, and integration with existing IAM and identity systems. Those questions went unanswered in the thread, and Fishner did not appear to respond to them directly. For teams whose needs extend beyond static credential injection, <a href="/news/2026-03-14-secure-secrets-management-for-cursor-cloud-agents-using-infisical">alternative approaches to credential management</a> offer different trade-offs, though those specific gaps remain open problems.