I Built A CrewAI Agent That Never Sees My API Keys

I built a CrewAI news agent that pulls both keys from a 1Claw vault at runtime. The OpenAI key, the NewsAPI key, neither one sits in .env. Neither enters the prompt. Neither enters agent memory or logs.

The repo is here.

How it works

Fundamentally, 1Claw is middleware that protects LLMs from reading your sensitive data such as .env secrets or other sensitive information.

When you run this demo, a SecureNewsTool fires once before CrewAI starts. It pulls the NewsAPI key from the vault, fetches recent headlines for your topic, and hands a plain-text list to the agent: "Recent news headlines for 'AI agents':...".

The CrewAI agent has no tools attached. Its only job is turning those headlines into a concise briefing. The LLM call routes through Shroud, 1Claw's OpenAI-compatible proxy, which redacts secrets and defends against prompt injection on the way through.

What I want to call out is what 1Claw isn't doing here. It's not the agent framework, the LLM, or the news API. It's a vault and a proxy that sit beside whatever you're already using. The same pattern works for Anthropic, Stripe, GitHub, or anything else your agent has to authenticate against. Shroud is BYOK if you already pay OpenAI, or 1Claw can handle billing directly if you'd rather have one vendor relationship instead of two. Either way, prompts get inspected for leaks and injection attempts on the way out. There's no path through the agent for a credential to escape, because the LLM's environment doesn't contain one.

Try it

Step 1

Clone the repo, install deps. Python 3.10+, venv.

git clone https://github.com/1clawAI/1claw-crewai-demo
cd 1claw-crewai-demo
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt

You'll need a 1Claw human key (1ck_...) for setup — it never gets written to disk. Grab a free NewsAPI key (no credit card required).

Step 2

Run the setup script. It prompts for keys, masked.

python scripts/setup.py

A vault gets created, your keys land in it, an agent gets minted with a read-only policy on api-keys/**, and .env ends up with four variables: ONECLAW_AGENT_ID, ONECLAW_AGENT_API_KEY, ONECLAW_VAULT_ID, LLM_MODE. No third-party keys.

Step 3

Run it.

python src/main.py "AI agents"

You'll see something like:

=== 1Claw + CrewAI: Secure News Demo ===

Topic:   AI agents
Vault:   a1b2c3d4...
LLM:     Shroud (Token Billing)
Shroud:  https://shroud.1claw.xyz/v1

--- Briefing ---
AI agent frameworks are seeing rapid adoption, with CrewAI and LangGraph
leading in developer mindshare. Enterprise deployments are accelerating
as security tooling matures around credential management and prompt safety.

A CrewAI agent producing a real LLM briefing from real news data, with neither key in its context.

Agentic Security Today

The news lookup isn't the point. I could've used requests and a hardcoded key.

What's interesting is the security middleware provided by 1Claw. The agent doesn't have the NewsAPI key. It has a credential that lets it ask a vault for the NewsAPI key, scoped by a policy, gated by a network call. The LLM has neither key. If a prompt injection lands tomorrow, there's nothing in scope to leak. If logs get scraped, nothing in them. If the bill spikes, you revoke the agent. If you swap OpenAI for Anthropic, you swap the vault entry, not your code.

1Claw stays out of the way of every choice that could lock you in. It just refuses to let your tools see secrets they don't need.