Codex Authentication Management Comprehensive authentication setup and management for OpenAI Codex CLI, supporting ChatGPT OAuth and API keys. Last Updated : December 2025 (GPT-5.2 Release) Authentication Methods 1. ChatGPT Plus/Pro (Recommended) Benefits: - No API key management - Includes GPT-5.1-Codex-Max and GPT-5.2 access - 4x more usage with Codex-Mini - Seamless browser authentication - Automatic token refresh - Access to GPT-5.2 Pro for maximum accuracy 2. API Key Setup Benefits: - Programmatic access - No browser required - Scriptable workflows - CI/CD integration Authentication Conf…

&& echo \"Valid format\" || echo \"Invalid format\"\n\n# Test with simple prompt\ncodex exec --dangerously-bypass-approvals-and-sandbox \"Echo: Authentication test\"\n\n# Check config file\ncat ~/.codex/config.toml\n\n# Verify environment\nenv | grep OPENAI\n```\n\n### Common Issues\n\n**1. Authentication Failed**\n```bash\n# Clear stored credentials\ncodex logout\nrm -rf ~/.codex/credentials\n\n# Re-authenticate\ncodex login\n\n# Or set API key\nexport OPENAI_API_KEY=\"sk-your-key\"\n```\n\n**2. Invalid API Key**\n```bash\n# Verify key format (should start with sk-)\necho $OPENAI_API_KEY | cut -c1-3\n\n# Test key directly\ncurl https://api.openai.com/v1/models \\\n -H \"Authorization: Bearer $OPENAI_API_KEY\" | jq .\n\n# Regenerate key at https://platform.openai.com/api-keys\n```\n\n**3. Rate Limiting**\n```bash\n# Check rate limits with headers\ncurl -I https://api.openai.com/v1/models \\\n -H \"Authorization: Bearer $OPENAI_API_KEY\" | grep -i rate\n\n# Use organization API key for higher limits\n# Set in ~/.codex/config.toml:\n# organization = \"org-your-org-id\"\n```\n\n**4. Wrong Account**\n```bash\n# Check which account is active\ncodex exec \"What account/organization am I using?\"\n\n# Switch accounts\ncodex logout\ncodex login # Re-authenticate with correct account\n```\n\n## Security Best Practices\n\n### API Key Security\n\n```bash\n# Never commit keys\necho '.codex/' >> .gitignore\necho '.env' >> .gitignore\necho '*.key' >> .gitignore\n\n# Restrict file permissions\nchmod 600 ~/.codex/config.toml\n\n# Use environment variables in production\n# Never hardcode keys in scripts\n\n# Rotate keys regularly\nrotate_api_key() {\n local old_key=$OPENAI_API_KEY\n\n echo \"Visit https://platform.openai.com/api-keys to generate new key\"\n read -p \"Enter new API key: \" new_key\n\n export OPENAI_API_KEY=$new_key\n\n if codex exec \"Test new key\"; then\n echo \"New key works. Remember to revoke old key.\"\n else\n export OPENAI_API_KEY=$old_key\n echo \"New key failed. Reverted to old key.\"\n fi\n}\n```\n\n### Audit Logging\n\n```bash\n#!/bin/bash\n# Log all Codex usage for audit trail\n\naudit_codex() {\n local log_dir=\"~/.codex/audit\"\n mkdir -p \"$log_dir\"\n\n local log_file=\"${log_dir}/$(date '+%Y-%m-%d').log\"\n local timestamp=$(date '+%Y-%m-%d %H:%M:%S')\n local user=$(whoami)\n\n # Determine auth method\n local auth_method=\"unknown\"\n if [ -n \"$OPENAI_API_KEY\" ]; then\n auth_method=\"api_key\"\n elif [ -f ~/.codex/credentials ]; then\n auth_method=\"oauth\"\n fi\n\n # Log the operation\n echo \"$timestamp | $user | $auth_method | $*\" >> \"$log_file\"\n\n # Execute Codex\n codex \"$@\"\n}\n\n# Use instead of codex\nalias codex='audit_codex'\n```\n\n### Least Privilege\n\n```bash\n# Create limited-scope API key for specific tasks\n# Use organization settings to restrict:\n# - Models available\n# - Rate limits\n# - Permissions\n\n# In CI/CD, use minimal permissions\n# Don't use personal API key in CI/CD\n\n# Use different keys for different purposes:\n# - Development key (higher limits, unrestricted)\n# - CI/CD key (restricted, specific models only)\n# - Production key (highly restricted)\n```\n\n## Configuration Profiles\n\n```toml\n# ~/.codex/config.toml with multiple profiles (December 2025)\n\n# Default configuration\nmodel = \"gpt-5.1-codex-max\" # Best for agentic coding\nask_for_approval = \"on-request\"\n\n# Safe profile for exploration\n[profiles.safe]\nmodel = \"o4-mini\"\nask_for_approval = \"untrusted\"\nsandbox = \"read-only\"\n\n# Development profile\n[profiles.dev]\nmodel = \"gpt-5.1-codex-max\"\nask_for_approval = \"on-failure\"\nsandbox = \"workspace-write\"\nsearch = true\n\n# Full automation profile\n[profiles.auto]\nmodel = \"gpt-5.1-codex-max\"\nask_for_approval = \"never\"\nsandbox = \"danger-full-access\"\nsearch = true\n\n# CI/CD profile\n[profiles.ci]\nmodel = \"gpt-5.1-codex-mini\" # Cost-efficient\nask_for_approval = \"never\"\nsandbox = \"workspace-write\"\n\n# GPT-5.2 profiles (NEW December 2025)\n[profiles.gpt52]\nmodel = \"gpt-5.2\"\nask_for_approval = \"never\"\nsandbox = \"workspace-write\"\nsearch = true\n\n[profiles.gpt52-pro]\nmodel = \"gpt-5.2-pro\"\nreasoning_effort = \"xhigh\"\nask_for_approval = \"on-request\"\nsandbox = \"workspace-write\"\n\n[profiles.long-context]\nmodel = \"gpt-5.2\"\ncompact = true # Enable context compaction for 400K context\nask_for_approval = \"never\"\n```\n\n## Usage with Profiles\n\n```bash\n# Use profile\ncodex exec -p dev \"Develop new feature\"\n\n# Override profile settings\ncodex exec -p auto -m o3 \"Complex task with reasoning\"\n\n# Per-project profile\n# .codex/config.toml\n[profiles.project]\nmodel = \"gpt-5.1-codex\"\napi_key = \"sk-project-specific-key\"\n```\n\n## Related Skills\n\n- `codex-cli`: Main Codex CLI integration\n- `codex-chat`: Interactive workflows\n- `codex-tools`: Tool execution patterns\n- `codex-review`: Code review workflows\n- `codex-git`: Git-aware development\n\n## Updates\n\n```bash\n# Update Codex CLI\nnpm update -g @openai/codex\n\n# Check version\ncodex --version\n\n# Test authentication after update\ncodex exec \"Authentication test after update\"\n```\n---","attachment_filenames":[],"attachments":[],"content_json":{"type":"doc","content":[{"type":"heading","attrs":{"level":1},"content":[{"text":"Codex Authentication Management","type":"text"}]},{"type":"paragraph","content":[{"text":"Comprehensive authentication setup and management for OpenAI Codex CLI, supporting ChatGPT OAuth and API keys.","type":"text"}]},{"type":"paragraph","content":[{"text":"Last Updated","type":"text","marks":[{"type":"strong"}]},{"text":": December 2025 (GPT-5.2 Release)","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Authentication Methods","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"1. ChatGPT Plus/Pro (Recommended)","type":"text"}]},{"type":"paragraph","content":[{"text":"Benefits:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"No API key management","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Includes GPT-5.1-Codex-Max and GPT-5.2 access","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"4x more usage with Codex-Mini","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Seamless browser authentication","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Automatic token refresh","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Access to GPT-5.2 Pro for maximum accuracy","type":"text"}]}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Initial login\ncodex login\n# Opens browser for ChatGPT authentication\n\n# Check login status\ncodex exec \"Am I authenticated? What account am I using?\"\n\n# Logout\ncodex logout","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"2. API Key Setup","type":"text"}]},{"type":"paragraph","content":[{"text":"Benefits:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Programmatic access","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"No browser required","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Scriptable workflows","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"CI/CD integration","type":"text"}]}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Method 1: Environment variable\nexport OPENAI_API_KEY=\"sk-your-api-key-here\"\n\n# Verify\ncodex exec \"Test authentication\"\n\n# Method 2: Config file\nmkdir -p ~/.codex\ncat > ~/.codex/config.toml \u003c\u003c 'EOF'\napi_key = \"sk-your-api-key-here\"\nEOF\nchmod 600 ~/.codex/config.toml\n\n# Method 3: Per-project config\nmkdir -p .codex\necho 'api_key = \"sk-project-specific-key\"' > .codex/config.toml\necho '.codex/' >> .gitignore","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Authentication Configuration","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Priority Order","type":"text"}]},{"type":"paragraph","content":[{"text":"Codex checks authentication in this order:","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Command-line config overrides (","type":"text"},{"text":"-c api_key=\"...\"","type":"text","marks":[{"type":"code_inline"}]},{"text":")","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Environment variable ","type":"text"},{"text":"OPENAI_API_KEY","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Project config ","type":"text"},{"text":".codex/config.toml","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"User config ","type":"text"},{"text":"~/.codex/config.toml","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"OAuth credentials (from ","type":"text"},{"text":"codex login","type":"text","marks":[{"type":"code_inline"}]},{"text":")","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Configuration File","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"toml"},"content":[{"text":"# ~/.codex/config.toml\n\n# API Key (alternative to OAuth)\napi_key = \"sk-your-api-key-here\"\n\n# Default model (December 2025)\nmodel = \"gpt-5.1-codex-max\" # Default for agentic coding\n# Alternative models:\n# model = \"gpt-5.2\" # Latest general model (400K context)\n# model = \"gpt-5.2-pro\" # Maximum accuracy\n\n# Default approval mode\nask_for_approval = \"never\" # Full automation\n\n# Default sandbox mode\nsandbox = \"workspace-write\"\n\n# Enable features\nsearch = true\n\n# Organization (if using organization API key)\norganization = \"org-your-org-id\"\n\n# GPT-5.2 specific settings\nreasoning_effort = \"high\" # medium, high, xhigh (Pro only)\ncompact = false # Enable context compaction\n\n# Additional settings\n[features]\nweb_search = true\nmultimodal = true\nmcp = true","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Multi-Account Management","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Switching Between Accounts","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"#!/bin/bash\n# Switch between multiple OpenAI accounts\n\nswitch_codex_account() {\n local account=$1\n\n case $account in\n personal)\n unset OPENAI_API_KEY\n codex logout\n codex login\n echo \"Switched to personal ChatGPT account\"\n ;;\n\n work)\n export OPENAI_API_KEY=\"$(pass show openai/work-api-key)\"\n echo \"Switched to work API key\"\n ;;\n\n project)\n # Use project-specific key from .codex/config.toml\n unset OPENAI_API_KEY\n echo \"Using project config in .codex/config.toml\"\n ;;\n\n ci)\n export OPENAI_API_KEY=\"$CI_OPENAI_API_KEY\"\n echo \"Switched to CI/CD API key\"\n ;;\n\n *)\n echo \"Unknown account: $account\"\n echo \"Available: personal, work, project, ci\"\n return 1\n ;;\n esac\n\n # Verify authentication\n codex exec --dangerously-bypass-approvals-and-sandbox \\\n \"Confirm: What account am I using and what models are available?\"\n}\n\n# Usage\nswitch_codex_account personal","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Automated Account Testing","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"#!/bin/bash\n# Test all configured accounts\n\ntest_all_accounts() {\n for account in personal work project; do\n echo \"=== Testing $account account ===\"\n switch_codex_account \"$account\"\n\n if codex exec \"Quick test: 2+2?\" 2>/dev/null; then\n echo \"✓ $account account working\"\n else\n echo \"✗ $account account failed\"\n fi\n\n echo \"\"\n done\n}\n\n# Usage\ntest_all_accounts","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Secure API Key Storage","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Using pass (Password Store)","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"#!/bin/bash\n# Secure API key management with pass\n\n# Install pass\nsudo apt-get install pass # Debian/Ubuntu\nbrew install pass # macOS\n\n# Initialize pass\ngpg --gen-key\npass init [email protected]\n\n# Store API key\npass insert openai/personal-key\npass insert openai/work-key\npass insert openai/ci-key\n\n# Use in scripts\nexport OPENAI_API_KEY=\"$(pass show openai/personal-key)\"\n\n# Verify\ncodex exec \"Test authentication\"","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Using macOS Keychain","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"#!/bin/bash\n# Store in macOS Keychain\n\n# Add API key\nsecurity add-generic-password \\\n -a \"$USER\" \\\n -s \"openai-api-key\" \\\n -w \"sk-your-api-key-here\"\n\n# Retrieve from keychain\nexport OPENAI_API_KEY=\"$(security find-generic-password -s 'openai-api-key' -w)\"\n\n# Use with Codex\ncodex exec \"Verify authentication\"","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Environment-Specific Keys","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"#!/bin/bash\n# Use different keys for different environments\n\n# Development\nif [ \"$ENV\" = \"development\" ]; then\n export OPENAI_API_KEY=\"$DEV_OPENAI_KEY\"\n# Staging\nelif [ \"$ENV\" = \"staging\" ]; then\n export OPENAI_API_KEY=\"$STAGING_OPENAI_KEY\"\n# Production\nelif [ \"$ENV\" = \"production\" ]; then\n export OPENAI_API_KEY=\"$PROD_OPENAI_KEY\"\nfi\n\n# Verify which environment\ncodex exec \"What environment am I in based on my API key?\"","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"CI/CD Integration","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"GitHub Actions","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"yaml"},"content":[{"text":"# .github/workflows/codex-automation.yml\nname: Codex Automation\non: [push, pull_request]\n\njobs:\n codex-analysis:\n runs-on: ubuntu-latest\n\n steps:\n - uses: actions/checkout@v3\n\n - name: Setup Node.js\n uses: actions/setup-node@v3\n with:\n node-version: '20'\n\n - name: Install Codex CLI\n run: npm install -g @openai/codex\n\n - name: Run Codex Analysis\n env:\n OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}\n run: |\n codex exec --dangerously-bypass-approvals-and-sandbox \\\n --json \\\n \"Analyze code quality, run tests, fix issues\" \\\n > analysis.json\n\n - name: Upload Results\n uses: actions/upload-artifact@v3\n with:\n name: codex-analysis\n path: analysis.json","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Docker Integration","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"dockerfile"},"content":[{"text":"# Dockerfile with Codex CLI\nFROM node:20-alpine\n\n# Install Codex CLI\nRUN npm install -g @openai/codex\n\n# Build-time API key (not recommended for production)\nARG OPENAI_API_KEY\nENV OPENAI_API_KEY=$OPENAI_API_KEY\n\n# Or mount config at runtime\n# docker run -v ~/.codex:/root/.codex ...\n\nWORKDIR /app\nCOPY . .\n\n# Run Codex automation\nCMD [\"codex\", \"exec\", \"--dangerously-bypass-approvals-and-sandbox\", \"Analyze and improve code\"]","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"GitLab CI","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"yaml"},"content":[{"text":"# .gitlab-ci.yml\ncodex_automation:\n image: node:20\n before_script:\n - npm install -g @openai/codex\n script:\n - >\n codex exec --dangerously-bypass-approvals-and-sandbox\n --json \"Run comprehensive analysis\"\n > analysis.json\n artifacts:\n paths:\n - analysis.json\n variables:\n OPENAI_API_KEY: $OPENAI_API_KEY # Set in GitLab CI/CD settings","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Troubleshooting","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Debug Authentication","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Check current authentication\ncodex exec \"What authentication method am I using?\"\n\n# Verify API key format\necho $OPENAI_API_KEY | grep -E '^sk-[a-zA-Z0-9]{48}

Codex Authentication Management Comprehensive authentication setup and management for OpenAI Codex CLI, supporting ChatGPT OAuth and API keys. Last Updated : December 2025 (GPT-5.2 Release) Authentication Methods 1. ChatGPT Plus/Pro (Recommended) Benefits: - No API key management - Includes GPT-5.1-Codex-Max and GPT-5.2 access - 4x more usage with Codex-Mini - Seamless browser authentication - Automatic token refresh - Access to GPT-5.2 Pro for maximum accuracy 2. API Key Setup Benefits: - Programmatic access - No browser required - Scriptable workflows - CI/CD integration Authentication Conf…

&& echo \"Valid format\" || echo \"Invalid format\"\n\n# Test with simple prompt\ncodex exec --dangerously-bypass-approvals-and-sandbox \"Echo: Authentication test\"\n\n# Check config file\ncat ~/.codex/config.toml\n\n# Verify environment\nenv | grep OPENAI","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Common Issues","type":"text"}]},{"type":"paragraph","content":[{"text":"1. Authentication Failed","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Clear stored credentials\ncodex logout\nrm -rf ~/.codex/credentials\n\n# Re-authenticate\ncodex login\n\n# Or set API key\nexport OPENAI_API_KEY=\"sk-your-key\"","type":"text"}]},{"type":"paragraph","content":[{"text":"2. Invalid API Key","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Verify key format (should start with sk-)\necho $OPENAI_API_KEY | cut -c1-3\n\n# Test key directly\ncurl https://api.openai.com/v1/models \\\n -H \"Authorization: Bearer $OPENAI_API_KEY\" | jq .\n\n# Regenerate key at https://platform.openai.com/api-keys","type":"text"}]},{"type":"paragraph","content":[{"text":"3. Rate Limiting","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Check rate limits with headers\ncurl -I https://api.openai.com/v1/models \\\n -H \"Authorization: Bearer $OPENAI_API_KEY\" | grep -i rate\n\n# Use organization API key for higher limits\n# Set in ~/.codex/config.toml:\n# organization = \"org-your-org-id\"","type":"text"}]},{"type":"paragraph","content":[{"text":"4. Wrong Account","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Check which account is active\ncodex exec \"What account/organization am I using?\"\n\n# Switch accounts\ncodex logout\ncodex login # Re-authenticate with correct account","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Security Best Practices","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"API Key Security","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Never commit keys\necho '.codex/' >> .gitignore\necho '.env' >> .gitignore\necho '*.key' >> .gitignore\n\n# Restrict file permissions\nchmod 600 ~/.codex/config.toml\n\n# Use environment variables in production\n# Never hardcode keys in scripts\n\n# Rotate keys regularly\nrotate_api_key() {\n local old_key=$OPENAI_API_KEY\n\n echo \"Visit https://platform.openai.com/api-keys to generate new key\"\n read -p \"Enter new API key: \" new_key\n\n export OPENAI_API_KEY=$new_key\n\n if codex exec \"Test new key\"; then\n echo \"New key works. Remember to revoke old key.\"\n else\n export OPENAI_API_KEY=$old_key\n echo \"New key failed. Reverted to old key.\"\n fi\n}","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Audit Logging","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"#!/bin/bash\n# Log all Codex usage for audit trail\n\naudit_codex() {\n local log_dir=\"~/.codex/audit\"\n mkdir -p \"$log_dir\"\n\n local log_file=\"${log_dir}/$(date '+%Y-%m-%d').log\"\n local timestamp=$(date '+%Y-%m-%d %H:%M:%S')\n local user=$(whoami)\n\n # Determine auth method\n local auth_method=\"unknown\"\n if [ -n \"$OPENAI_API_KEY\" ]; then\n auth_method=\"api_key\"\n elif [ -f ~/.codex/credentials ]; then\n auth_method=\"oauth\"\n fi\n\n # Log the operation\n echo \"$timestamp | $user | $auth_method | $*\" >> \"$log_file\"\n\n # Execute Codex\n codex \"$@\"\n}\n\n# Use instead of codex\nalias codex='audit_codex'","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Least Privilege","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Create limited-scope API key for specific tasks\n# Use organization settings to restrict:\n# - Models available\n# - Rate limits\n# - Permissions\n\n# In CI/CD, use minimal permissions\n# Don't use personal API key in CI/CD\n\n# Use different keys for different purposes:\n# - Development key (higher limits, unrestricted)\n# - CI/CD key (restricted, specific models only)\n# - Production key (highly restricted)","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Configuration Profiles","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"toml"},"content":[{"text":"# ~/.codex/config.toml with multiple profiles (December 2025)\n\n# Default configuration\nmodel = \"gpt-5.1-codex-max\" # Best for agentic coding\nask_for_approval = \"on-request\"\n\n# Safe profile for exploration\n[profiles.safe]\nmodel = \"o4-mini\"\nask_for_approval = \"untrusted\"\nsandbox = \"read-only\"\n\n# Development profile\n[profiles.dev]\nmodel = \"gpt-5.1-codex-max\"\nask_for_approval = \"on-failure\"\nsandbox = \"workspace-write\"\nsearch = true\n\n# Full automation profile\n[profiles.auto]\nmodel = \"gpt-5.1-codex-max\"\nask_for_approval = \"never\"\nsandbox = \"danger-full-access\"\nsearch = true\n\n# CI/CD profile\n[profiles.ci]\nmodel = \"gpt-5.1-codex-mini\" # Cost-efficient\nask_for_approval = \"never\"\nsandbox = \"workspace-write\"\n\n# GPT-5.2 profiles (NEW December 2025)\n[profiles.gpt52]\nmodel = \"gpt-5.2\"\nask_for_approval = \"never\"\nsandbox = \"workspace-write\"\nsearch = true\n\n[profiles.gpt52-pro]\nmodel = \"gpt-5.2-pro\"\nreasoning_effort = \"xhigh\"\nask_for_approval = \"on-request\"\nsandbox = \"workspace-write\"\n\n[profiles.long-context]\nmodel = \"gpt-5.2\"\ncompact = true # Enable context compaction for 400K context\nask_for_approval = \"never\"","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Usage with Profiles","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Use profile\ncodex exec -p dev \"Develop new feature\"\n\n# Override profile settings\ncodex exec -p auto -m o3 \"Complex task with reasoning\"\n\n# Per-project profile\n# .codex/config.toml\n[profiles.project]\nmodel = \"gpt-5.1-codex\"\napi_key = \"sk-project-specific-key\"","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Related Skills","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"codex-cli","type":"text","marks":[{"type":"code_inline"}]},{"text":": Main Codex CLI integration","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"codex-chat","type":"text","marks":[{"type":"code_inline"}]},{"text":": Interactive workflows","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"codex-tools","type":"text","marks":[{"type":"code_inline"}]},{"text":": Tool execution patterns","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"codex-review","type":"text","marks":[{"type":"code_inline"}]},{"text":": Code review workflows","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"codex-git","type":"text","marks":[{"type":"code_inline"}]},{"text":": Git-aware development","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Updates","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Update Codex CLI\nnpm update -g @openai/codex\n\n# Check version\ncodex --version\n\n# Test authentication after update\ncodex exec \"Authentication test after update\"","type":"text"}]},{"type":"hr","attrs":{"markup":"---"}}]},"metadata":{"date":"2026-06-05","name":"codex-auth","author":"@skillopedia","source":{"stars":11,"repo_name":"skrillz","origin_url":"https://github.com/adaptationio/skrillz/blob/HEAD/skills/codex-auth/SKILL.md","repo_owner":"adaptationio","body_sha256":"520d29a3ef225f2957e782e86e0754c7e8f215e8b7f2a97c8bc6a07ab881d3b6","cluster_key":"180d21b8376fd5db8d4ab116156ab3d55f6cd00f16e1ace033deee9b5a80faa2","clean_bundle":{"format":"clean-skill-bundle-v1","source":"adaptationio/skrillz/skills/codex-auth/SKILL.md","bundle_sha256":"6c2de268158fa2f262a120981bd84df073553238c6ca6659443848cba61aa83b","attachment_count":0,"text_attachments":0,"binary_attachments":0},"cluster_size":2,"skill_md_path":"skills/codex-auth/SKILL.md","import_metadata":{"date":"2026-06-05","author":"@skillopedia","version":"v1","category":"integrations-apis","category_label":"Integrations"},"exact_dupes_collapsed_into_this":1},"version":"v1","category":"integrations-apis","import_tag":"clean-skills-v1","description":"Setup and manage OpenAI Codex CLI authentication including ChatGPT Plus/Pro OAuth, API keys, and multi-account management. Use when configuring Codex access, switching accounts, or troubleshooting authentication."}},"renderedAt":1782979468391}

Codex Authentication Management Comprehensive authentication setup and management for OpenAI Codex CLI, supporting ChatGPT OAuth and API keys. Last Updated : December 2025 (GPT-5.2 Release) Authentication Methods 1. ChatGPT Plus/Pro (Recommended) Benefits: - No API key management - Includes GPT-5.1-Codex-Max and GPT-5.2 access - 4x more usage with Codex-Mini - Seamless browser authentication - Automatic token refresh - Access to GPT-5.2 Pro for maximum accuracy 2. API Key Setup Benefits: - Programmatic access - No browser required - Scriptable workflows - CI/CD integration Authentication Conf…