Home 零对冲(ZeroHedge)每日HackerNews

Bitwarden 集成 OneCLI Agent Vault
Bitwarden Integrates with OneCLI Agent Vault

原始链接: https://www.onecli.sh/blog/bitwarden-agent-access-sdk-onecli

Bitwarden 已经发布了 Agent Access SDK,为 AI 代理访问凭据提供了一种更安全的方式。 传统上,代理将 API 密钥存储在内存中,存在安全风险。这个新系统利用人工参与的审批流程:代理请求凭据,用户通过 Bitwarden CLI 批准,凭据在*不*让代理看到明文值的情况下被注入。 OneCLI 作为关键网关,拦截 API 请求,从 Bitwarden 获取凭据,并直接将其注入到请求中。 这确保了代理和 LLM 提供商永远不会处理敏感信息。 主要优势包括通过人工审批增强安全性、运行时策略执行(如速率限制)以及全面的审计跟踪。重要的是,此解决方案与框架无关,适用于 NanoClaw 和 OpenClaw 等代理。 Bitwarden 的 SDK 和 OneCLI 都是开源的,目前处于 alpha 阶段,为安全的代理操作提供了一个有前景的“信任层”。

## Bitwarden 与 OneCLI 集成 - 谨慎的反应 Bitwarden 已与 OneCLI Agent Vault 集成,这是一个旨在提高使用凭据的 AI 代理安全性的新系统。然而,围绕该公告的 Hacker News 讨论主要持批评态度。 核心问题在于潜在的安全漏洞。用户担心该集成 *增加* 了风险,特别是强调 API 密钥可能通过“提示注入”被盗——一种操纵 AI 泄露敏感信息的方法。虽然 OneCLI 旨在代理请求并防止代理直接访问密钥,但仍然存在怀疑。 评论员也批评了公告本身,称其宣传语言写得不好,听起来像是 AI 生成的营销“垃圾”。一些人将该集成归因于风险投资的影响,认为其侧重于流行的 AI 功能而非真正的安全改进。总体而言,回应表明人们对该解决方案解决所述安全问题的能力缺乏信心。
相关文章
原文

Bitwarden just launched their Agent Access SDK, letting AI agents access credentials from Bitwarden's vault with human approval. OneCLI is the open-source gateway that puts it to work: it sits between your agent and the APIs it calls, injecting credentials into requests at the network layer. Until now, agents had to hold API keys in memory to make authenticated calls. Now they don't.

Why this matters

Most agent credential setups today work like this: you store your API keys somewhere (env vars, a secrets manager, a password vault), the agent fetches the key, and from that point on the key lives in the agent's context. Extractable. Loggable. Leakable via prompt injection.

Secrets managers solve storage. They do not solve what happens after the agent has the key.

Bitwarden's Agent Access SDK takes a different approach. Every credential request goes through a human-in-the-loop approval flow. The agent asks for access, the user approves it through the Bitwarden CLI, and the credential gets injected without the agent ever seeing the raw value in plaintext.

Bitwarden Agent Access SDK announcement

Where OneCLI fits

OneCLI sits between the agent and the external services it calls. It intercepts API requests, pulls the credential from Bitwarden's vault via their SDK, injects it into the outgoing request, and forwards it. The agent never holds the key. The LLM provider never sees it.

This is the same gateway architecture we use with every credential source, but Bitwarden adds something we did not have before: a mature approval workflow backed by enterprise key management. When Bitwarden's user approves a credential request, OneCLI handles the injection and policy enforcement on every subsequent API call.

# Configure Bitwarden as credential source
onecli provider add bitwarden \
  --vault-url "https://vault.bitwarden.com"

# Rate-limit API calls per service
onecli rules create \
  --name "Stripe rate limit" \
  --host-pattern "api.stripe.com" \
  --action rate_limit \
  --rate-limit 10 \
  --rate-window 1h
OneCLI dashboard with Bitwarden vault connected under External Vaults

What users get

With the Bitwarden + OneCLI integration:

  • Credentials stay in Bitwarden's encrypted vault until explicitly approved by a human.
  • OneCLI proxies every API call the agent makes, injecting credentials at the network layer.
  • Rate limiting and policy enforcement apply to every proxied request.
  • Audit trail covers both the approval (Bitwarden side) and the usage (OneCLI side).

This works with any agent framework. If your agent makes HTTP calls to external services, OneCLI can proxy them regardless of whether you are running NanoClaw, OpenClaw, or something custom.

Try it

Both projects are open source. The integration is live in alpha.

If you are running agents in production and thinking about how to handle credentials safely, this is worth looking at. The combination of human-in-the-loop approval with runtime policy enforcement is the closest thing to a real trust layer we have seen.

联系我们 contact @ memedata.com