Answer target
How do I give Codex an API key safely?
Updated June 25, 2026
Short answer
Do not paste the provider key into Codex. Create or use a named Codex agent identity, assign it to the project, grant only the API key it needs, and let Codex resolve that key at runtime through the approved credential path.
What to do now
If Codex needs a live API key for the task, give it a controlled way to retrieve that one key. Keep the raw provider value out of the thread, shell history, logs, issue comments, and repo files.
- Create or reuse a Codex agent identity for the project.
- Grant only the provider secret needed for the task.
- Resolve the secret at runtime rather than pasting it into chat.
- Verify the task and clear temporary resolved values.
Better pattern
Separate Codex setup from provider-key access. A short-lived provisioning prompt or secure local profile can authorize the agent, while provider credentials stay in managed custody and are resolved only when required.
Avoid
Avoid pasting OpenAI, Stripe, Supabase, GitHub, or other provider keys into a Codex prompt. Also avoid broad .env files that let the agent inherit unrelated credentials.
Example
Codex debugging a Stripe webhook can resolve only the Stripe test key for that project. It does not need your OpenAI admin key, production database URL, Resend key, or unrelated workspace secrets.
Try this with one key
- 1.Store one API key.
- 2.Create one agent identity.
- 3.Grant only that key.
- 4.Resolve it at runtime.
- 5.See the audit entry.
No card required.
Treat Codex as a runtime, not a paste box
Codex can operate close to the codebase and may run commands as part of the work. Credential handling should therefore look like runtime access: a named identity, a project boundary, direct grants, and audit events for each retrieval.
Separate setup tokens from provider API keys
A ScopeHold provisioning prompt can help Codex obtain its own Agent Key. That setup flow is different from giving Codex a provider key such as OpenAI, Stripe, GitHub, or Supabase. Provider keys should stay stored as secrets and be resolved only through grants.
Be careful with environment variables
Environment variables are useful, but broad inheritance can expose more than the task needs. Prefer a command-level or runtime-specific credential path that injects only the required value for the current operation.
Review the access event
After Codex resolves a key, the audit trail should identify the Codex agent, the provider secret, and the time of access. That is much clearer than trying to reconstruct credential use from a long chat or terminal transcript.
Practical workflow
- 1Name the Codex agentUse a durable identity such as codex-billing-agent or codex-release-agent so later audit events are readable.
- 2Assign the projectKeep the project as the first scope boundary before granting any provider secret.
- 3Grant one API keySelect the exact provider secret Codex needs and grant only that key.
- 4Resolve and clean upLet Codex resolve the value for the task, verify the outcome, then clear temporary shell variables and resolved values.
Codex with pasted key vs Codex with scoped grant
Frequently asked questions
Can I give Codex an API key without pasting it?
Yes. Store the key centrally, grant it to a named Codex agent, and have Codex resolve it at runtime through the approved credential path.
Is a Codex provisioning token the same as a provider key?
No. A provisioning token sets up the Codex agent identity. Provider keys such as OpenAI, Stripe, or Supabase should remain stored secrets that are granted and resolved separately.
Should Codex read my .env file?
Not as the default for sensitive credentials. Use .env files carefully for non-sensitive local settings, and use scoped runtime resolution for real shared keys.
Where ScopeHold fits
ScopeHold gives Codex a named agent identity and a runtime path to resolve only the provider secrets it has been granted, without placing raw API keys in the conversation.