Most active commenters

    ←back to thread

    OpenAI Codex CLI: Lightweight coding agent that runs in your terminal

    (github.com)
    514 points mfiguiere | 11 comments | 16 Apr 25 17:24 UTC | HN request time: 0.417s | source | bottom
    1. udbhavs ◴[16 Apr 25 19:25 UTC] No.43709349[source]
    Next, set your OpenAI API key as an environment variable:

    export OPENAI_API_KEY="your-api-key-here"

    Note: This command sets the key only for your current terminal session. To make it permanent, add the export line to your shell's configuration file (e.g., ~/.zshrc).

    Can't any 3rd party utility running in the same shell session phone home with the API key? I'd ideally want only codex to be able to access this var

    replies(4): >>43709373 #>>43709426 #>>43709858 #>>43711220 #
    2. jsheard ◴[16 Apr 25 19:28 UTC] No.43709373[source]
    If you let malicious code run unsandboxed on your main account then you probably have bigger problems than an OpenAI API key getting leaked.
    replies(1): >>43709482 #
    3. ◴[16 Apr 25 19:33 UTC] No.43709426[source]
    4. mhitza ◴[16 Apr 25 19:38 UTC] No.43709482[source]
    You mean running npm update at the "wrong time"?
    replies(1): >>43710934 #
    5. primitivesuave ◴[16 Apr 25 20:15 UTC] No.43709858[source]
    You could create a shell function - e.g. `codex() { OPENAI="xyz" codex "$@" }'. To call the original command use `command codex ...`.

    People downvoting legitimate questions on HN should be ashamed of themselves.

    replies(1): >>43720470 #
    6. ◴[16 Apr 25 22:12 UTC] No.43710934{3}[source]
    7. jjmarr ◴[16 Apr 25 22:56 UTC] No.43711220[source]
    Just don't export it?

        OPENAI_API_KEY="your-api-key-here" codex
    replies(1): >>43712011 #
    8. aesbetic ◴[17 Apr 25 01:03 UTC] No.43712011[source]
    Yea that’s not gonna work, you have to export it for it to become part of your shell’s environment and be passed down to subprocesses.

    You could however wrap the export variable and codex command in a script and just call that. This way the variable would only be part of that script’s environment.

    replies(1): >>43713672 #
    9. PhilipRoman ◴[17 Apr 25 06:23 UTC] No.43713672{3}[source]
    That code example uses the "VAR=VALUE program" syntax, which exports the variable only for that particular process, so it should work (https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V...)
    replies(1): >>43724405 #
    10. udbhavs ◴[17 Apr 25 18:25 UTC] No.43720470[source]
    That's neat! I only asked because I haven't seen API keys used in the context of profile environment variables in shell before - there might be other common cases I'm unaware of
    11. aesbetic ◴[18 Apr 25 02:36 UTC] No.43724405{4}[source]
    Yea you’re right. I viewed the comment on mobile where “codex” was wrapped to a new line.

    Now I know I should be careful examining code not formatted in a code block.