The credential gateway for AI agents

OneGate sits between your AI agents and the internet. It injects real secrets at the network edge, so your agents work with every API without ever holding a key.

One gate for every request

OneGate is a self-hosted HTTP CONNECT proxy. Point your agents at it with a standard HTTPS_PROXY setting and they send placeholder tokens instead of real keys. For the integration hosts you configure, OneGate terminates TLS, checks your policy, swaps the placeholder for the real credential, and records the request. Everything else passes through untouched. Your secrets never leave your box, and your agents never see them.

Built for running agents safely

Everything you need to put agents in front of real APIs without handing them your secrets.

Credential injection

Agents send a placeholder token. OneGate replaces it with the real secret at request time, so a raw key never lives in agent code, logs, or memory.

Per-agent policy engine

New agents deny by default. Add allow rules scoped by integration, HTTP method, and path glob, per agent or per project. Deny beats allow beats default.

Full audit log

Every request is written down, allow or deny, with the agent, integration, method, path, status, and the LLM connection that was selected.

LLM connections and routing

Register several keys per provider, then route with fallback or round-robin. OneGate spills over to the next connection automatically when one errors or runs out.

33+ integrations

GitHub, Google, Slack, Stripe, Anthropic, OpenAI, Notion, Linear, and many more. OAuth providers are bring-your-own-client, and community integrations are a single dropped-in file.

Self-hosted and open source

Your secrets stay on your machine. Zero native dependencies, runs from a single Node process or a Docker container, and MIT licensed.

How it works

No SDK and no code changes. Anything that honors proxy environment variables works.

Agent

Sends a placeholder

Your agent calls the API through OneGate with a placeholder token in place of the real key.

OneGate

Auth, policy, inject, audit

Authenticates the agent, checks policy, swaps in the real credential, and records the decision.

Vendor

Receives the real request

The vendor sees a normal authenticated call over a direct TLS connection from the gateway.

1. Mint a root CA

onegate init creates a root certificate. You trust it once on each agent machine.

2. Wire the proxy

Set HTTPS_PROXY to the gateway with the agent token. No code changes required.

3. Terminate only what you configure

OneGate decrypts only the integration hosts you set up. Every other host is passed through untouched, with no decryption.

4. Govern and watch

Allow and deny per agent or project, scoped by method and path glob. Every decision lands in the audit log.

Quickstart

Up and running with Docker in a couple of commands. Running from source needs Node 22.13 or newer.

shell
# start the gateway
docker compose up -d
docker logs onegate            # prints the one-time admin token

# open the web UI at http://localhost:8080, then register an agent
onegate agent add my-agent     # prints a one-time og_ token

# on the agent machine, wire the proxy and trust the root CA
export HTTPS_PROXY=http://agent:og_xxxx@gateway-host:8443
export NODE_EXTRA_CA_CERTS=/path/to/rootCA.pem

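# the agent uses a placeholder, OneGate injects the real credential
# (curl does not read NODE_EXTRA_CA_CERTS, so pass the root CA explicitly)
curl --cacert /path/to/rootCA.pem https://api.github.com/user -H "Authorization: Bearer placeholder"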

New agents default to deny-unmatched, so add an allow rule in the UI or API before traffic flows. Full steps in the deployment guide.
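The precedence stated above ("Deny beats allow beats default", with new agents on deny-unmatched) can be sketched as follows. This is an added example, not OneGate's own code: the rule shape, the glob semantics (`*` within one path segment, `**` across segments) and the dot-segment normalization before matching are assumptions made for illustration.

```javascript
// Hypothetical rule shape (assumption; OneGate's real schema may differ).
// Each rule is scoped to an agent or a project, plus integration, methods, path glob.
const rules = [ // constructed sample policy
  { effect: "allow", agent: "my-agent", integration: "github", methods: ["GET"], path: "/repos/**" },
  { effect: "allow", project: "ci", integration: "github", methods: ["GET", "POST"], path: "/repos/*/*/issues" },
  { effect: "deny", agent: "my-agent", integration: "github", methods: ["*"], path: "/repos/*/*/actions/secrets/**" },
];

// Assumed glob semantics: "*" stays inside one segment, "**" crosses segments.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  const body = escaped.replace(/\*\*|\*/g, (m) => (m === "**" ? ".*" : "[^/]*"));
  return new RegExp(`^${body}$`);
}

// A rule applies when it names this agent or this agent's project.
const inScope = (r, req) =>
  Boolean((r.agent && r.agent === req.agent) || (r.project && r.project === req.project));

function decide(req, policy = rules) {
  // Resolve dot segments (and drop the query) before matching, so that
  // /repos/a/b/../../../user cannot ride on a /repos/** allow rule.
  const path = new URL("https://gateway.invalid" + req.path).pathname;
  const method = req.method.toUpperCase();
  const matches = policy.filter((r) =>
    inScope(r, req) &&
    r.integration === req.integration &&
    (r.methods.includes("*") || r.methods.includes(method)) &&
    globToRegExp(r.path).test(path));
  if (matches.some((r) => r.effect === "deny")) return "deny";   // deny beats allow
  if (matches.some((r) => r.effect === "allow")) return "allow"; // allow beats default
  return "deny";                                                  // deny-unmatched default
}

// Constructed requests exercising each branch.
const base = { agent: "my-agent", project: "ci", integration: "github", method: "GET" };
console.log(decide({ ...base, path: "/repos/acme/app/pulls" }));
console.log(decide({ ...base, path: "/repos/acme/app/actions/secrets/TOKEN" }));
console.log(decide({ ...base, path: "/repos/acme/app/../../../user" }));
```

Evaluating against the normalized path matters because the vendor will resolve the same dot segments on its side, so policy and upstream must agree on which resource is being requested.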

33+ integrations, and counting

Connect once at the gateway. Add your own in about thirty lines.

GitHub, Google, Slack, Stripe, Anthropic, OpenAI, Notion, Linear, Jira, GitLab, Vercel, Cloudflare, SendGrid, Supabase, MongoDB Atlas, and more

Put your agents behind one gate

Self-host OneGate today. It is open source, MIT licensed, and runs anywhere Node or Docker does.