
Bitwarden Integrates with OneCLI Agent Vault

Why This Matters

Bitwarden's integration with the OneCLI Agent Vault introduces a more secure and controlled method for AI agents to access credentials, reducing risks associated with key leaks and prompt injections. This approach emphasizes human-in-the-loop approval, enhancing security in automated workflows, which is crucial for enterprise and consumer trust in AI-driven applications.

Key Takeaways

Bitwarden just launched their Agent Access SDK, letting AI agents access credentials from Bitwarden's vault with human approval. OneCLI is the open-source gateway that puts it to work: it sits between your agent and the APIs it calls, injecting credentials into requests at the network layer. Until now, agents had to hold API keys in memory to make authenticated calls. Now they don't.

Why this matters

Most agent credential setups today work like this: you store your API keys somewhere (env vars, a secrets manager, a password vault), the agent fetches the key, and from that point on the key lives in the agent's context. Extractable. Loggable. Leakable via prompt injection.

Secrets managers solve storage. They do not solve what happens after the agent has the key.

Bitwarden's Agent Access SDK takes a different approach. Every credential request goes through a human-in-the-loop approval flow. The agent asks for access, the user approves it through the Bitwarden CLI, and the credential gets injected without the agent ever seeing the raw value in plaintext.

Where OneCLI fits

OneCLI sits between the agent and the external services it calls. It intercepts API requests, pulls the credential from Bitwarden's vault via their SDK, injects it into the outgoing request, and forwards it. The agent never holds the key. The LLM provider never sees it.

This is the same gateway architecture we use with every credential source, but Bitwarden adds something we did not have before: a mature approval workflow backed by enterprise key management. When Bitwarden's user approves a credential request, OneCLI handles the injection and policy enforcement on every subsequent API call.

    # Configure Bitwarden as credential source
    onecli provider add bitwarden \
      --vault-url "https://vault.bitwarden.com"

    # Rate-limit API calls per service
    onecli rules create \
      --name "Stripe rate limit" \
      --host-pattern "api.stripe.com" \
      --action rate_limit \
      --rate-limit 10 \
      --rate-window 1h
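A simplified Python model of the gateway flow described above (approval, rate-limit rule, injection into the outgoing request only), added here as an illustration and not OneCLI's or Bitwarden's code. The class and field names, the `Bearer` header scheme, the status strings and the sample secret are assumptions; the rate-limit values mirror the rule in the configuration on this page.

```python
import fnmatch
import time
from collections import deque

class Gateway:
    """Simplified model of a credential-injecting gateway; not OneCLI's code."""

    def __init__(self, vault, approve, upstream, rules, clock=time.monotonic):
        self.vault = vault        # host -> secret, stands in for the Bitwarden vault
        self.approve = approve    # callback standing in for the human approval step
        self.upstream = upstream  # callable that sends the request to the real API
        self.rules = rules        # list of (host_pattern, limit, window_seconds)
        self.clock = clock
        self.approved = set()     # hosts the user has already approved
        self.hits = {}            # host_pattern -> deque of forwarded-call times

    def handle(self, request):
        """Process one agent request; the agent only ever gets (status, response)."""
        host = request["host"]
        if host not in self.vault:
            return "no_credential", None
        if host not in self.approved:
            if not self.approve(host):
                return "denied", None
            self.approved.add(host)
        rule = next((r for r in self.rules if fnmatch.fnmatch(host, r[0])), None)
        if rule:
            pattern, limit, window = rule
            hits = self.hits.setdefault(pattern, deque())
            now = self.clock()
            while hits and now - hits[0] >= window:
                hits.popleft()    # forget calls that have left the window
            if len(hits) >= limit:
                return "rate_limited", None
            hits.append(now)
        # Assumption of this sketch: discard any Authorization header the agent set,
        # then attach the vault credential to the outgoing copy only.
        headers = {k: v for k, v in request.get("headers", {}).items()
                   if k.lower() != "authorization"}
        headers["Authorization"] = "Bearer " + self.vault[host]
        return "forwarded", self.upstream({**request, "headers": headers})

# Constructed sample values; the rule mirrors the "Stripe rate limit" rule on this page.
SAMPLE_VAULT = {"api.stripe.com": "sk_test_CONSTRUCTED"}
SAMPLE_RULES = [("api.stripe.com", 10, 3600)]
```

The secret appears only in the request handed to `upstream`; the value returned to the caller of `handle` is the status and the upstream response, so nothing in the agent's context contains the key.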

