Show HN: OneCLI – Vault for AI Agents in Rust

Fake keys, real drama: Devs split over AI “secret vault”

TLDR: OneCLI promises a single gateway that injects real API keys into outbound requests so AI agents never see them. The crowd split fast: supporters love the simplicity, while critics warn about TLS interception, secret-scanner false alarms on the placeholder keys, and "why not just use Vault?" debates, making this a hot new battleground for AI-agent security.

Hacker News lit up as OneCLI dropped a “secret vault for AI agents” that swaps a FAKE_KEY for the real thing at the last second—so bots never touch your credentials. Fans cheered the “one gate to rule them all” vibe; skeptics smelled trouble. The loudest worry? Enterprise scanners screaming at every pretend key. One commenter warned that stuffing fake-looking keys into codebases could trigger false positives like a fire alarm in a popcorn factory.

Then came the spice: how do you inject secrets when the traffic is encrypted end to end with TLS? Cue whispers of "man-in-the-middle," which the project itself nods to with HTTPS interception: the gateway terminates the agent's TLS connection, rewrites the request, and opens its own connection to the upstream, which only works if the agent's environment trusts the gateway's certificate authority. Eyebrows hit the ceiling. Another dev asked if it's basically an auth proxy, while others said, "We already have this," name-dropping IronClaw, HashiCorp Vault, and even 1Password integrations they want to see.

A veteran rolled in with battle scars: not every app respects proxy settings (looking at you, Node), and AWS signatures break simple key swaps, because SigV4 never sends the secret key at all, only an HMAC signature computed from it, so there is no placeholder on the wire for the gateway to replace; it would have to re-sign the request itself. Translation: real-world friction ahead. Meanwhile, supporters called the gateway approach "the right move," praising transparent injection and a tidy dashboard. The thread devolved into classic HN theater: "Reinventing the wheel" vs "finally a wheel for AI agents." Jokes flew: "FAKE_KEY causing REAL_PANIC," "MITM but make it fashion," and "Sir, your bot has to show ID at the door."

Key Points

  • OneCLI is an open-source gateway that injects API credentials into outbound requests so AI agents never handle real secrets.
  • Credentials are stored once in an AES-256-GCM–encrypted store and matched by host/path patterns for transparent injection.
  • A Rust-based gateway intercepts requests (including HTTPS via MITM), and agents authenticate via access tokens.
  • The system includes a Next.js dashboard, supports multi-agent scoped permissions, and offers single-user or Google OAuth modes.
  • Quick start is provided via Docker or Docker Compose, with optional PostgreSQL support and embedded PGlite by default.
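The key points above describe a placeholder-for-secret swap scoped by host/path pattern and by agent token. What follows is an added illustration written for this summary, not OneCLI's code: a small in-memory model of such a gateway in Rust (the project's language). The type and function names (`Gateway`, `inject`, `host_matches`), the `X-Gateway-Token` header, the `PLACEHOLDER_*` strings and every credential and agent in `sample_gateway` are assumptions made up for the example. It swaps the placeholder only where it appears verbatim in a header value, refuses agents whose scope does not cover the credential, strips the gateway token before the request would go upstream, and surfaces the signature caveat raised in the thread: a SigV4-style Authorization header carries an HMAC of the secret rather than the secret, so nothing is found to swap and the request is rejected instead of being forwarded broken. TLS interception and the encrypted store are out of scope here.

```rust
// Added example (not OneCLI's code): an in-memory model of a credential-injecting
// gateway. Names, the X-Gateway-Token header and all credentials are assumptions.
use std::collections::HashMap;

/// A credential registered once with the gateway; only the gateway holds `secret`.
#[derive(Clone, Debug)]
pub struct Credential {
    /// Host pattern; a leading "*." matches the apex and any subdomain.
    pub host_pattern: String,
    /// Path prefix the credential is valid for ("/" for the whole host).
    pub path_prefix: String,
    /// Placeholder the agent writes instead of the secret; deliberately not
    /// shaped like a vendor key, so secret scanners have nothing to flag.
    pub placeholder: String,
    pub secret: String,
}

/// Per-agent scope: which placeholders this agent may have resolved.
#[derive(Debug)]
pub struct Agent {
    pub name: String,
    pub allowed_placeholders: Vec<String>,
}

/// The parts of an outbound request the gateway needs to see.
#[derive(Clone, Debug, PartialEq)]
pub struct Request {
    pub host: String,
    pub path: String,
    pub headers: Vec<(String, String)>,
}

#[derive(Debug, PartialEq)]
pub enum GatewayError {
    UnknownAgentToken,
    NoCredentialForHost,
    NotAuthorized { agent: String, placeholder: String },
    /// No header carried the placeholder verbatim, e.g. a request whose
    /// Authorization header is an HMAC signature (AWS SigV4) rather than the key.
    PlaceholderAbsent,
}

pub struct Gateway {
    credentials: Vec<Credential>,
    /// Agent access token -> agent record (assumed: opaque bearer tokens).
    agents: HashMap<String, Agent>,
}

/// Exact host match, or a wildcard match that requires a real label boundary,
/// so "*.github.com" matches "api.github.com" but not "evil-github.com".
pub fn host_matches(pattern: &str, host: &str) -> bool {
    match pattern.strip_prefix("*.") {
        Some(suffix) => host == suffix || host.ends_with(&format!(".{suffix}")),
        None => pattern == host,
    }
}

impl Gateway {
    /// Authenticate the agent, pick the credential for host+path, check scope,
    /// swap the placeholder in header values, and drop the gateway token so it
    /// never leaves the gateway.
    pub fn inject(&self, agent_token: &str, mut req: Request) -> Result<Request, GatewayError> {
        let agent = self.agents.get(agent_token).ok_or(GatewayError::UnknownAgentToken)?;
        let cred = self
            .credentials
            .iter()
            .find(|c| host_matches(&c.host_pattern, &req.host) && req.path.starts_with(&c.path_prefix))
            .ok_or(GatewayError::NoCredentialForHost)?;
        if !agent.allowed_placeholders.contains(&cred.placeholder) {
            return Err(GatewayError::NotAuthorized {
                agent: agent.name.clone(),
                placeholder: cred.placeholder.clone(),
            });
        }
        let mut swapped = 0;
        for (_, value) in req.headers.iter_mut() {
            if value.contains(&cred.placeholder) {
                *value = value.replace(&cred.placeholder, &cred.secret);
                swapped += 1;
            }
        }
        if swapped == 0 {
            // Forwarding unchanged would send an unauthenticated (or mis-signed)
            // request upstream; failing loudly is the safer default.
            return Err(GatewayError::PlaceholderAbsent);
        }
        req.headers.retain(|(name, _)| !name.eq_ignore_ascii_case("x-gateway-token"));
        Ok(req)
    }
}

/// Constructed sample data: two agents with different scopes, three credentials.
pub fn sample_gateway() -> Gateway {
    let cred = |host: &str, path: &str, ph: &str, secret: &str| Credential {
        host_pattern: host.into(), path_prefix: path.into(), placeholder: ph.into(), secret: secret.into(),
    };
    let agent = |name: &str, scope: &[&str]| Agent {
        name: name.into(), allowed_placeholders: scope.iter().map(|s| s.to_string()).collect(),
    };
    let mut agents = HashMap::new();
    agents.insert("tok-researcher".to_string(), agent("researcher", &["PLACEHOLDER_OPENAI"]));
    agents.insert("tok-ops".to_string(), agent("ops", &["PLACEHOLDER_OPENAI", "PLACEHOLDER_GITHUB", "PLACEHOLDER_AWS"]));
    Gateway {
        credentials: vec![
            cred("api.openai.com", "/v1/", "PLACEHOLDER_OPENAI", "real-secret-A"),
            cred("*.github.com", "/", "PLACEHOLDER_GITHUB", "real-secret-B"),
            cred("*.amazonaws.com", "/", "PLACEHOLDER_AWS", "real-secret-C"),
        ],
        agents,
    }
}
```

Two design choices worth noting. The placeholder is a plain `PLACEHOLDER_*` token rather than something shaped like a vendor key, which sidesteps the scanner false positives the thread worried about. And the wildcard match insists on a dot boundary, so a credential scoped to `*.github.com` cannot be coaxed out by pointing the agent at a look-alike host.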

Hottest takes

“Fake key for real key seems like a problem… enterprise scanning will explode with false positives” — anthonyskipper
“How can a proxy inject stuff if it’s TLS encrypted?” — atonse
“Node is very uncooperative… AWS keys can’t be handled by simple swap” — hardsnow

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.