Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
udbhavs 3 days ago

Next, set your OpenAI API key as an environment variable:

export OPENAI_API_KEY="your-api-key-here"

Note: This command sets the key only for your current terminal session. To make it permanent, add the export line to your shell's configuration file (e.g., ~/.zshrc).

Can't any 3rd party utility running in the same shell session phone home with the API key? I'd ideally want only codex to be able to access this var

jsheard 3 days ago | parent | next [-]

If you let malicious code run unsandboxed on your main account then you probably have bigger problems than an OpenAI API key getting leaked.

mhitza 3 days ago | parent [-]

You mean running npm update at the "wrong time"?

3 days ago | parent [-]
[deleted]
jjmarr 3 days ago | parent | prev | next [-]

Just don't export it?

    OPENAI_API_KEY="your-api-key-here" codex
aesbetic 3 days ago | parent [-]

Yea that’s not gonna work, you have to export it for it to become part of your shell’s environment and be passed down to subprocesses.

You could however wrap the export variable and codex command in a script and just call that. This way the variable would only be part of that script’s environment.

PhilipRoman 3 days ago | parent [-]

That code example uses the "VAR=VALUE program" syntax, which exports the variable only for that particular process, so it should work (https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V...)

aesbetic 2 days ago | parent [-]

Yea you’re right. I viewed the comment on mobile where “codex” was wrapped to a new line.

Now I know I should be careful examining code not formatted in a code block.

primitivesuave 3 days ago | parent | prev | next [-]

You could create a shell function - e.g. `codex() { OPENAI="xyz" codex "$@" }'. To call the original command use `command codex ...`.

People downvoting legitimate questions on HN should be ashamed of themselves.

udbhavs 2 days ago | parent [-]

That's neat! I only asked because I haven't seen API keys used in the context of profile environment variables in shell before - there might be other common cases I'm unaware of

3 days ago | parent | prev [-]
[deleted]