Bitwarden integrates with OneCLI agent vault

https://www.onecli.sh/blog/bitwarden-agent-access-sdk-onecli

42•sudo_chmod•1h ago

Comments

rcakebread•1h ago

Did you mean to post this on April 1st?

e7h4nz•1h ago

Did you actually read this article or try to understand what OneCLI does?

dandellion•1h ago

Nobody wrote that article, why should anybody read it?

gmerc•1h ago

Took VC money, here comes the AI enshittification.

bundie•1h ago

EDIT: My bad. I saw "agent" and immediately thought of AI.

warkdarrior•1h ago

It doesn't, this is why this announcement is not about Bitwarden incorporating AI.

AnonC•1h ago

Tangential: Where is Bitwarden on the below roadmap right now? It wasn’t even good to users, but was an alternative to 1Password and others that had long crossed this bridge.

‘Here is how platforms die: first, they are good to their users; then they abuse their users to make things better for their business customers; finally, they abuse those business customers to claw back all the value for themselves. Then, they die. I call this enshittification, and it is a seemingly inevitable consequence arising from the combination of the ease of changing how a platform allocates value, combined with the nature of a "two-sided market", where a platform sits between buyers and sellers, hold each hostage to the other, raking off an ever-larger share of the value that passes between them.’

- Cory Doctorow

rschiavone•1h ago

What's wrong with 1Password?

Uvix•52m ago

They switched from a purchase with local vault storage model (where you could sync it to the cloud if you wanted to) to subscription-only with cloud storage they control.

mrweasel•15m ago

Short of using pass, what are some good alternatives? My main critic of 1Password has been the cost, but it is a very good password manager, and price seems to have gone down... Or at least the dollars has weakened enough that the price has come down for me.

ilitirit•1h ago

> It wasn’t even good to users

I may be out of the loop, but how was Bitwarden not "good" to users? Does this relate to the recent price increase?

falcor84•1h ago

I don't get what semantic value you're getting by pasting this. It's almost like saying "VC-funded tech = bad", which is an ironic stance to take on this platform.

Is there anything that bitwarden did that is actually bad for you as a customer of theirs?

sneak•1h ago

How soon until those of us who are running Vaultwarden need to fork the Bitwarden clients, too?

Uvix•51m ago

Reading the article, it sounds like this is the other way around? Bitwarden is offering a new API, and OneCLI Agent Vault is integrating with the new API.

stronglikedan•12m ago

integration is a two-way street. it doesn't matter which is stated first

jMyles•8m ago

I disagree that integration is commutative.

Often, we see a feature which is important to free use of a computer as a general-purpose tool locked behind an ever-changing and/or poorly documented API in a closed-source, centralized, de-facto-government-subsidized project.

The power dynamics of that situation are not symmetrical, so it does matter which project(s) are using which API(s) of the other(s).

lucideer•46m ago

I really don't understand the HN comments here.

Lots of assumptions that the article is AI-authored (it could be but I'm not seeing overtly obvious signs - it's quite readable) & a lot of ungrounded assumptions that this is somehow related to Bitwarden integrating AI into their product.

I really thought reading comprehension among HN users was better than this.

rvz•23m ago

There are worse things to mention about OneCLI as it looks like a completely vibe-coded mess, seeing that CLAUDE.md and Claude itself being one of the contributors [0]

Perhaps the most damning discovery is that they don't even do basic dependency pinning [1] [2] which just risks another supply chain attack.

As soon as I saw that, that was everything I needed to know about the project. No security audit whatsoever and Bitwarden believes this is something worth integrating.

[0] https://github.com/onecli/onecli/graphs/contributors

[1] https://github.com/onecli/onecli/blob/main/packages/ui/packa...

[2] https://github.com/onecli/onecli/blob/main/packages/db/packa...

rvz•41m ago

OneCLI does not even have a security audit and a VC backed password manager believes that it is secure enough to integrate in their password manager.

I could not be anymore bearish on Bitwarden than before after looking at this and very glad that I don't use them.

JaggedJax•27m ago

I don't understand why this would change any opinion on Bitwarden. Bitwarden offers an API and OneCLI calls the Bitwarden API. How does a 3rd party calling Bitwarden's API say anything about Bitwarden?

Edit: I can see on Bitwarden's site they also call out their support for OneCLI, so I suppose that looks like Bitwarden saying they approve of and recommend OneCLI. But I see recommending an open source solution as a lot less problematic than recommending any other random private startup solution.

SkyPuncher•17m ago

These tools are useful, but I can't help to feel like they're solving the wrong part of the problem. I really don't have much concern that an agent has access to one of my credentials. Outside of production, most of these credentials are going to be limited in privilege and self-rotatable.

What remains terrifying is the ability to exfil important data or run commands that are malicious.

jadengeller•15m ago

exfiltrating a credential provides persistent access (until detected and rotated) tho! probably one of the more leveraged things to prevent