March 30, 2026
Open sesame, but only if you approve
Bitwarden Integrates with OneCLI Agent Vault
Fans cheer “no more leaked passwords” — skeptics yell April Fools and “VC enshittification”
TLDR: Bitwarden and OneCLI now let automated helpers use services without seeing your passwords, by requiring your approval and injecting secrets in transit. Commenters split between applause for real safety and audit trails, and cries of April Fools, VC creep, and confusion over what “agent” even means.
Bitwarden just teamed up with open‑source tool OneCLI to let “agents” (think: software helpers, not James Bond) use your online accounts without ever seeing your actual passwords. The pitch: you approve access through Bitwarden, OneCLI slips the secret into the outgoing request, and the bot never touches the raw key. It’s open source, in alpha, with audit logs and rate limits promised for every call. Links: Bitwarden Agent Access SDK and OneCLI.
And then the comments lit up. One doubter opened with an “April 1st?” eye‑roll, while a defender patiently explained the magic trick: the proxy sits in the middle so the bot can’t read your secrets, full stop. Another commenter saw the word “agent” and immediately thought “AI overload,” then posted an embarrassed my bad—cue the thread teasing. The spiciest take accused Bitwarden of “took VC money, here comes the AI enshittification,” while a doom‑poster dropped the infamous “here’s how platforms die” rant, warning this could be step one toward prioritizing enterprises over users.
Still, fans cheered the human‑in‑the‑loop approvals (“finally, a grown‑up!) and audit trails you can wave at your boss. Skeptics fretted about friction—do I have to approve every little thing?—and whether funneling everything through a proxy is a single point of failure. It’s classic internet: security nerds swooning, cynics doomscrolling, and everyone arguing about what ‘agent’ means.
Key Points
- •Bitwarden launched an Agent Access SDK that requires human approval for agent credential access via the Bitwarden CLI.
- •OneCLI proxies agent HTTP requests and injects credentials from Bitwarden at the network layer so agents never see raw keys.
- •The approach addresses risks where agents previously stored API keys in memory, making them extractable or leakable.
- •OneCLI supports runtime policy enforcement, including per-service rate limiting, and provides usage auditing; Bitwarden records approvals.
- •The integration is open source, currently in alpha, works with any HTTP-based agent framework, and has GitHub repositories available.