valknar/llmx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: replace --api-key with --with-api-key in codex login (#4646)

Browse Source 
Previously, users could supply their API key directly via:

```shell
codex login --api-key KEY
```

but this has the drawback that `KEY` is more likely to end up in shell
history, can be read from `/proc`, etc.

This PR removes support for `--api-key` and replaces it with
`--with-api-key`, which reads the key from stdin, so either of these are
better options:

```
printenv OPENAI_API_KEY | codex login --with-api-key
codex login --with-api-key < my_key.txt
```

Other CLIs, such as `gh auth login --with-token`, follow the same
practice.
This commit is contained in:
Michael Bolin
2025-10-02 23:17:31 -07:00
committed by GitHub
parent 16b6951648
commit 69ac5153d4
3 changed files with 58 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
docs/authentication.md
View File

@@ -5,9 +5,17 @@
If you prefer to pay-as-you-go, you can still authenticate with your OpenAI API key:
```shell
codex login --api-key "your-api-key-here"
printenv OPENAI_API_KEY | codex login --with-api-key
```
Alternatively, read from a file:
```shell
codex login --with-api-key < my_key.txt
```
The legacy `--api-key` flag now exits with an error instructing you to use `--with-api-key` so that the key never appears in shell history or process listings.
This key must, at minimum, have write access to the Responses API.
## Migrating to ChatGPT login from API key