codex
Codex should have a setting which allows it to inherit terminal environment variables
What feature would you like to see?
Today I was trying to use a CLI tool which expects an environment variable to be set, otherwise it cannot work.
I have set an env variable named SENTRY_API_TOKEN in my terminal, but running the tool from inside codex was failing.
I asked codex why this was happening and I got this response:
You're right - sorry for the frustration.
The shell I run in is an isolated sandbox and does not inherit
your terminal's environment variables, so I can't see your SENTRY_API_TOKEN
even though your shell has it set.
Escalation allows network, but doesn't pass env through.
This behaviour doesn't happen with other agents (like Claude Code, Open Code etc...).
In case you have made this choice for "security", you should at least allow the users to decide if codex should inherit the env variables or not, otherwise many tools won't work.
Are you interested in implementing this feature?
No response
Additional information
No response
Bump!
I wanted to open a similar issue right now. This would be a great feature. I couldn't find any workaround for this limitation.
You can ask it to source the profile you use and it will.
Actually, I just realized. For my use case, you can simply use the --config to inject the env variable.
E.g.:
codex -c -foo.bar.env.SOME_ENV_VAR="value"
Have you tried to set this in ~/.codex/config.toml
[shell_environment_policy]
inherit = "all"
That solved it for me.
Have you tried to set this in ~/.codex/config.toml
[shell_environment_policy]
inherit = "all"
That solved it for me.
I just tried this and it doesn't work. I can work around this specific tool (because I built it) by adding support for config files (so it will read the value from, i.e., ~/.config/sentire/config.json) but I'm concerned for all the other tools where I have no control over them.
I have tried both:
[shell_environment_policy]
inherit = "all"
As well as:
[shell_environment_policy]
inherit = "all"
experimental_use_profile = true
But neither worked - I use https://flox.dev/ for development environments and they rely on the environment being set right. This works totally fine in Claude Code, but I'm unable to get codex to behave at all.
This prevents me from using pretty much any CLI tools in Code: GitHub CLI, Jira CLI, all my custom CLI tools I've made specifically for AIs to use.
I'm seeing this issue only with specific variables. Does codex filter on "TOKEN" for security? None of the work-arounds from this thread are working for me.
🐳 developer@rocky-dev:/workspace$ env | grep GITLAB
GITLAB_HOST=10.89.1.2
GITLAB_TOKEN=test
🐳 developer@rocky-dev:/workspace$ codex 'run env | grep GITLAB'
...
> Listing environment variables and filtering for GITLAB-related entries.
• Ran env | grep GITLAB
> - GITLAB_HOST=10.89.1.2
I was able to work around this by creating a function that loads the key from a file and sets it when running the underlying glab command.
glab() { local token; token=$(tr -d ' \n\r' < ~/.gitlab_token); GITLAB_TOKEN="$token" ~/go/bin/glab "$@"; }
This is documented in their config docs — the docs wording is imprecise however:
By default it now passes your full environment to those subprocesses.
But further down, you can see an ignore_default_excludes option that has default of false with comment:
When false, Codex removes any var whose name contains
KEY, SECRET, or TOKEN (case-insensitive) before other rules run.
making the previous note that "full environment" is passed in "by default", incorrect.
TL;DR
[shell_environment_policy]
ignore_default_excludes = true
should do it.
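The default filter quoted in the comment above can be modelled to predict which variables a Codex subprocess will not see. This is an added example, not Codex's code and not part of the original thread; it models only the rule as quoted (names containing KEY, SECRET or TOKEN, case-insensitive) with inherit = "all", assumes `set` entries are applied after that filter, and uses a constructed sample environment.

```python
# Added example: a model of the default-exclude rule as quoted from the docs
# in this thread. It is not Codex's implementation.
DEFAULT_EXCLUDE_SUBSTRINGS = ("KEY", "SECRET", "TOKEN")


def is_default_excluded(name):
    """True if the name contains KEY, SECRET or TOKEN, ignoring case."""
    upper = name.upper()
    return any(part in upper for part in DEFAULT_EXCLUDE_SUBSTRINGS)


def predict_child_env(parent_env, ignore_default_excludes=False, set_vars=None):
    """Return (child_env, dropped_names) for inherit = "all".

    Assumption: entries from `set` are applied after the default excludes,
    consistent with the docs' "before other rules run".
    """
    child, dropped = {}, []
    for name, value in parent_env.items():
        if not ignore_default_excludes and is_default_excluded(name):
            dropped.append(name)
        else:
            child[name] = value
    child.update(set_vars or {})
    return child, sorted(dropped)


# Constructed sample environment; the GITLAB_* pair mirrors the session above.
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "GITLAB_HOST": "10.89.1.2",
    "GITLAB_TOKEN": "test",
    "SENTRY_API_TOKEN": "constructed-value",
    "ssh_keyfile": "/home/dev/.ssh/id_ed25519",  # lower case still matches
    "KEYBOARD_LAYOUT": "us",                      # harmless, dropped anyway
    "PGPASSWORD": "constructed-value",            # a secret whose name passes
}

if __name__ == "__main__":
    child, dropped = predict_child_env(SAMPLE_ENV)
    print("dropped by default:", dropped)
    print("passed through:    ", sorted(child))
    child, dropped = predict_child_env(SAMPLE_ENV, ignore_default_excludes=True)
    print("dropped with ignore_default_excludes = true:", dropped)
    child, _ = predict_child_env(SAMPLE_ENV, set_vars={"GITLAB_TOKEN": "test"})
    print("GITLAB_TOKEN present when listed in set:", "GITLAB_TOKEN" in child)
```

Under the quoted rule the filter is purely name-based: it drops harmless names such as KEYBOARD_LAYOUT while PGPASSWORD passes through, so it is not a reliable boundary around secrets. Setting ignore_default_excludes = true hands every variable in the parent shell to the commands the agent runs, whereas listing individual variables under `set` exposes only those.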
nothing in this issue works consistently.
having issues on fish!
from fish, i enter zsh, then it finds my shit. in fish, codex does not find my shit :( (no path inheritance)
[shell_environment_policy]
inherit = "all"
ignore_default_excludes = true
experimental_use_profile = true
@andreagrandi
I encountered a similar issue when running Codex in a container environment. I injected some specific environment variables each time I called it, but Codex seemed not to actively read the environment variables to perform the expected actions, such as using the GITHUB_TOKEN to call the API. Initially, I resolved this issue by:
Explicitly stating in the prompt that Codex can read environment variables to do something
However, later I found that Codex seems to be able to explicitly set the environment variable policy in the configuration file config.toml: https://github.com/openai/codex/blob/main/docs/config.md#shell_environment_policy
After configuring it according to this method, the issue was resolved.
Just chiming in that I ran into this (codex running a Go test which requires an env variable st). inherit = "all" did not work. I used set={... } in the codex config file, which worked (but obviously that isn't a long term sol'n to keep this in sync with my normal env variable setup).
In general codex security policy and principles are extremely frustrating -- I end up disabling ~all of it so I can actually work, and it still bites me!
@cypriss
Just chiming in that I ran into this (codex running a Go test which requires an env variable st). inherit = "all" did not work. I used set={... } in the codex config file, which worked (but obviously that isn't a long term sol'n to keep this in sync with my normal env variable setup).
In general codex security policy and principles are extremely frustrating -- I end up disabling ~all of it so I can actually work, and it still bites me!
Similar situation, in my agent project, I integrated Claude Code CLI, Codex CLI and Gemini CLI. So Codex has been encountering various issues, such as the environment variable policy, config file, MCP, etc.
So, looking at the thing - codex seems to prepend a LOT of things to the path - it does preserve it, but prepends
/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/ usr/appleinternal/bin:/opt/pmk/env/global/bin:/opt/X11/bin:/Library/Apple/usr/bin:/usr/local/share/dotnet:~/.dotnet/tools:/var/folders/_y/x2bbjyps5831190g955y91_h0000gn/T/.tmpZ800wO:/Users/mickg10/.nvm/versions/node/v25.1.0/lib/node_modules/@openai/codex/vendor/aarch64-apple-darwin/ path
Any idea how to turn that off?
(aesthetic) [email protected] ~/src/improved_aesthetic-predictor 7088 > cat ~/.codex/config.toml; echo $PATH; (export BAR=1234; export PATH=FOO:$PATH; codex -s danger-full-access --dangerously-bypass-approvals-and-sandbox -c model_reasoning_effort="high" -m gpt-5.1-codex --enable web_search_request 'Print me PATH env var and the BAR env var')
tui = { theme = { name = "dark-zen-garden" } }
model = "gpt-5.1-codex"
model_reasoning_effort = "high"
[tools]
websearch = true
features.web_search_request = true
tools.view_image = true
[shell_environment_policy]
inherit = "all"
ignore_default_excludes = true
experimental_use_profile = true
/Users/mickg10/miniconda3/envs/aesthetic/bin:/Users/mickg10/miniconda3/condabin:/Users/mickg10/.nvm/versions/node/v25.1.0/bin:/Users/mickg10/.cargo/bin:/Users/mickg10/.bun/bin:/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/opt/pmk/env/global/bin:/opt/X11/bin:/Library/Apple/usr/bin:/usr/local/share/dotnet:~/.dotnet/tools:/opt/homebrew/opt/fzf/bin
╭──────────────────────────────────────────────────╮
│ >_ OpenAI Codex (v0.58.0)                        │
│                                                  │
│ model: gpt-5.1-codex high   /model to change     │
│ directory: ~/src/improved_aesthetic-predictor    │
╰──────────────────────────────────────────────────╯
To get started, describe a task or try one of these commands:
/init - create an AGENTS.md file with instructions for Codex
/status - show current session configuration
/approvals - choose what Codex can do without approval
/model - choose what model and reasoning effort to use
/review - review any changes and find issues
› Print me PATH env var and the BAR env var
• Ran echo "PATH=$PATH"; echo "BAR=$BAR"
└ PATH=/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/ usr/appleinternal/bin:/opt/pmk/env/global/bin:/opt/X11/bin:/Library/Apple/usr/bin:/usr/local/share/dotnet:~/.dotnet/tools:/var/folders/_y/x2bbjyps5831190g955y91_h0000gn/T/.tmpZ800wO:/Users/mickg10/.nvm/versions/node/v25.1.0/lib/node_modules/@openai/codex/vendor/aarch64-apple-darwin/ path:FOO:/Users/mickg10/miniconda3/envs/aesthetic/bin:/Users/mickg10/miniconda3/condabin:/Users/mickg10/.nvm/versions/node/v25.1.0/bin:/Users/mickg10/.cargo/bin:/Users/mickg10/.bun/bin:/opt/homebrew/bin:/opt/homebrew/sbin:/opt/homebrew/opt/fzf/bin
  BAR=1234
─ Worked for 6s ─
• PATH=/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/ usr/appleinternal/bin:/opt/pmk/env/global/bin:/opt/X11/bin:/Library/Apple/usr/bin:/usr/local/share/dotnet:~/.dotnet/tools:/var/folders/_y/x2bbjyps5831190g955y91_h0000gn/T/.tmpZ800wO:/Users/mickg10/.nvm/versions/node/v25.1.0/lib/node_modules/@openai/codex/vendor/aarch64-apple-darwin/ path:FOO:/Users/mickg10/miniconda3/envs/aesthetic/bin:/Users/mickg10/miniconda3/condabin:/Users/mickg10/.nvm/versions/node/v25.1.0/bin:/Users/mickg10/.cargo/bin:/Users/mickg10/.bun/bin:/opt/homebrew/bin:/opt/homebrew/sbin:/opt/homebrew/opt/fzf/bin
  BAR=1234