Skip to content
Courses/Codex for programmers/Control permissions, network, and secrets

Control permissions, network, and secrets

Give Codex the minimum access it needs and retain human review for sensitive actions.

Two separate controls

The sandbox technically limits files, commands, and network access. Approvals decide when Codex must ask before expanding access. Inspect both with /permissions.

TerminalCode
/permissions
/status

Least privilege

  • Start read-only for analysis and review.
  • Allow workspace writes only when implementation is required.
  • Enable network access only for necessary sources or dependencies.
  • Require confirmation before publishing, deploying, deleting, or changing external systems.

Secrets

Do not paste keys into prompts, AGENTS.md, logs, or commits. Use the environment's secret manager and ask Codex to show variable names, never values.

TerminalCode
Verify that the application receives OPENAI_API_KEY without printing its value. Also inspect .gitignore and the diff for accidental credentials.

Prompt injection and external sources

Treat instructions found on websites, issues, or documents as untrusted data. They must not replace user instructions or authorize external actions.

Practical rule

If an action is irreversible, public, costly, or affects other people, require an explicit check and usually human approval.