(github.com)

514 points mfiguiere | 3 comments | 16 Apr 25 17:24 UTC | HN request time: 0.001s | source

Show context

udbhavs ◴[16 Apr 25 19:25 UTC] No.43709349[source]▶

Next, set your OpenAI API key as an environment variable:

export OPENAI_API_KEY="your-api-key-here"

Note: This command sets the key only for your current terminal session. To make it permanent, add the export line to your shell's configuration file (e.g., ~/.zshrc).

Can't any 3rd party utility running in the same shell session phone home with the API key? I'd ideally want only codex to be able to access this var

replies(4): >>43709373 #>>43709426 #>>43709858 #>>43711220 #

1. jsheard ◴[16 Apr 25 19:28 UTC] No.43709373[source]▶

>>43709349 #

If you let malicious code run unsandboxed on your main account then you probably have bigger problems than an OpenAI API key getting leaked.

replies(1): >>43709482 #

2. mhitza ◴[16 Apr 25 19:38 UTC] No.43709482[source]▶

>>43709373 (TP) #

You mean running npm update at the "wrong time"?

replies(1): >>43710934 #

3. ◴[16 Apr 25 22:12 UTC] No.43710934[source]▶

>>43709482 #

↑

OpenAI Codex CLI: Lightweight coding agent that runs in your terminal